Cross-Site Scripting Vulnerability in NetWin SurgeFTP
CVE-2010-1068

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgeftp
Vendor: CVE Published:; 23 March 2010

What is CVE-2010-1068?

The vulnerability in NetWin SurgeFTP 2.3a6 allows attackers to exploit the surgeftpmgr.cgi script by injecting malicious web scripts or HTML code via the domainid and classid parameters during specific class actions. This could lead to unauthorized script execution in users' browsers, compromising sensitive information and leading to further attacks.

References

http://secunia.com/advisories/38097

third-party-advisoryx_refsource_SECUNIA

http://www.exploit-db.com/exploits/11092

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/55509

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 23, 2010
Vulnerability Reserved
Mar 23, 2010

Netwin

What is CVE-2010-1068?

References

Timeline