Pro2col Stingray FTS Username cross site scripting

A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. This issue affects some unknown processing. The manipulation of the argument Username leads to basic cross site scripting. The CWE definition for the vulnerability is CWE-80. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The weakness was shared 09/12/2008 by Marc Ruef with scip AG as Mailinglist Post (Bugtraq). The advisory is shared at seclists.org. The identification of this vulnerability is CVE-2008-10001. The attack may be initiated remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1059.007 for this issue. It is declared as not defined. We expect the 0-day to have been worth approximately $5k-$25k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

138

Field

exploit_price_0day2
cna_eol1
cna_responsible1
source_cve_cna1
source_cve1

Commit Conf

100%37
90%8
96%4
60%2
95%2

Approve Conf

100%37
90%8
96%4
60%2
95%2
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1212220401/28/2022VulD...price_0day$5k-$25ksee exploit price documentation01/28/2022accepted
90
1212220301/28/2022VulD...eol101/28/2022accepted
100
1212220201/28/2022VulD...responsibleVulDB01/28/2022accepted
100
1212220101/28/2022VulD...cve_cnaVulDBcve.org01/28/2022accepted
100
1212220001/28/2022VulD...cveCVE-2008-10001cve.org01/28/2022accepted
100
31934206/07/2019VulD...cwe80 (cross site scripting)06/07/2019accepted
90
31935009/12/2008VulD...cvss3_vuldb_prLsee CVSS documentation09/12/2008accepted
60
31934909/12/2008VulD...cvss2_vuldb_auSsee CVSS documentation09/12/2008accepted
60
31934809/12/2008VulD...cvss3_vuldb_rcXsee CVSS documentation09/12/2008accepted
90
31934709/12/2008VulD...cvss3_vuldb_rlOsee CVSS documentation09/12/2008accepted
90
31934609/12/2008VulD...cvss3_vuldb_eXsee CVSS documentation09/12/2008accepted
90
31934509/12/2008VulD...cvss2_vuldb_rcNDsee CVSS documentation09/12/2008accepted
90
31934409/12/2008VulD...cvss2_vuldb_rlOFsee CVSS documentation09/12/2008accepted
90
31934309/12/2008VulD...cvss2_vuldb_eNDsee CVSS documentation09/12/2008accepted
90
31934109/12/2008VulD...expertEine klassische Lücke mit klassischem Impact: Während die Lücke sicherlich nicht hochkritisch einzustufen ist, sollten Administratoren betroffener Systeme sich bereithalten um einen allfälligen Patch zeitnah einspielen zu können.09/12/2008accepted
100
31934009/12/2008VulD...descriptionStingray FTS ist ein File Transfer Server, der zum Verschieben von Dateien über beliebige Netzwerke verwendet werden kann. Marc Ruef der scip AG fand eine Schwachstelle, bei der durch fehlende Eingabevalidierung im Login-Dokument beliebiger Scriptcode im Kontext der Applikation zur Ausführung gebracht werden kann. Dadurch lassen sich klassische webbasierte Angriffsvektoren ausnutzen.09/12/2008accepted
100
31933909/12/2008VulD...affectedStringray FTS09/12/2008accepted
100
31933809/12/2008VulD...titlePro2col StingRay FTS Username Cross-Site-Scripting09/12/2008accepted
100
31933709/12/2008VulD...nameUpgrade09/12/2008accepted
100
31933609/12/2008VulD...price_0day$5k-$25ksee exploit price documentation09/12/2008accepted
100

33 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 33 results.

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!