Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 3
Synopsis
The FTP server installed on the remote Windows host has multiple cross-site scripting vulnerabilities.
Description
The version of Cerberus FTP server on the remote host is earlier than 188.8.131.52. As such, it is potentially affected by the following cross-site scripting vulnerabilities:
- User-supplied input to fields under the administration 'Messages' tab is not validated before being returned to the user.
- The user-supplied input to the 'USER' FTP command is not validated before display in the administration logging page.
A remote attacker could exploit these by tricking a user into requesting a maliciously crafted URL, resulting in the execution of arbitrary script code.
Solution
Upgrade to Cerberus FTP server 184.108.40.206 or later.