CVE-2020-5195: XSS
First published: Mon Jan 13 2020(Updated: )
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cerberusftp Ftp Server | >=10.0.0<10.0.17 | |
| Cerberusftp Ftp Server | >=11.0.0<11.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5195?
CVE-2020-5195 refers to a vulnerability that allows for reflected cross-site scripting (XSS) in Cerberus FTP Server versions prior to 11.0.1 and 10.0.17.
How does CVE-2020-5195 impact Cerberus FTP Server?
CVE-2020-5195 allows a remote attacker to execute arbitrary JavaScript or HTML by exploiting a crafted public folder URL in Cerberus FTP Server.
What is the severity of CVE-2020-5195?
The severity of CVE-2020-5195 is medium with a CVSS score of 6.1.
How can I fix CVE-2020-5195?
To fix CVE-2020-5195, it is recommended to upgrade Cerberus FTP Server to version 11.0.1 or 10.0.17, which contain the necessary fixes for the vulnerability.
Where can I find more information about CVE-2020-5195?
More information about CVE-2020-5195 can be found on the Cerberus FTP Server support website and the provided reference links.
- collector/nvd-index
- vendor/cerberusftp
- canonical/cerberusftp ftp server
- version/cerberusftp ftp server/10.0.0
- version/cerberusftp ftp server/11.0.0