Cross-site Scripting Vulnerability in SurgeFTP Server Management Interface
CVE-2007-3769
What is CVE-2007-3769?
A cross-site scripting (XSS) vulnerability exists in the mirrored-server management interface of SurgeFTP 2.3a1. A remote FTP server can inject arbitrary web script or HTML into the interface by returning a malformed response that lacks a status code; the interface reflects that response back to the user in its error messages without sanitizing it. The attack is user-assisted, since an administrator must first mirror the malicious server. Successful exploitation carries significant risk, up to unauthorized root access, because the injected script can drive a series of steps in the management interface that create new FTP user accounts.