XSS in Ftp Admin

CVE-2007-6232

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.016 (71.9th percentile) — read the EPSS interpretation.

Affected products

Ftp Admin — versions 0.1.0
Hp Hp-ux
Hp Tru64
Ibm Aix
Linux Linux_kernel
Santa_cruz_operation Sco_unix — versions any_version
Sgi Irix — versions any_version
Sun Solaris
Windriver Bsdos — versions any_version
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)