CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-2350

Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
http://www.kb.cert.org/vuls/id/505560
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
http://www.kb.cert.org/vuls/id/505560

Products affected by CVE-2016-2350

Accellion » File Transfer Appliance » Version: 8_0_540

cpe:2.3:a:accellion:file_transfer_appliance:8_0_540
Accellion » File Transfer Appliance » Version: 9_11_200

cpe:2.3:a:accellion:file_transfer_appliance:9_11_200
Accellion » File Transfer Appliance » Version: 9_11_210

cpe:2.3:a:accellion:file_transfer_appliance:9_11_210

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2350

Products

Pricing

Contact Us