First published: Thu Jun 10 2021
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cerberusftp Ftp Server | <10.0.19 | |
Cerberusftp Ftp Server | >=11.0.0, <11.0.4 | |
CVE-2019-25046 is a vulnerability in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 that allows cross-site scripting (XSS) via an SVG document.
CVE-2019-25046 affects Cerberus FTP Server Enterprise versions before 10.0.19 and 11.x versions before 11.0.4, where it allows an attacker to conduct cross-site scripting attacks.
CVE-2019-25046 has a severity rating of 6.1, which is considered medium.
To fix CVE-2019-25046, the recommended action is to update Cerberus FTP Server Enterprise to version 10.0.19 or higher if you run a version before 10.0.19, or to version 11.0.4 or higher if you run a version between 11.0.0 and 11.0.4.
You can find more information about CVE-2019-25046 in the Cerberus FTP Server Enterprise release notes and in the article on the Cerberus FTP Server website about the XSS vulnerability when previewing SVG content.