Cross-Site Scripting Vulnerability in NetWin SurgeFTP Web Manager
CVE-2017-17933

6.1MEDIUM

Key Information:

Vendor: Netwin
Status: Surgeftp
Vendor: CVE Published:; 29 December 2017

What is CVE-2017-17933?

The NetWin SurgeFTP Web Manager interface, accessible at TCP ports 7021 or 9021, contains a Cross-Site Scripting (XSS) vulnerability. This security issue arises from improper handling of user-supplied input through the classid, domainid, or username parameters, potentially allowing an attacker to execute arbitrary scripts in the context of the user's browser session.

References

https://packetstormsecurity.com/files/145572/NetWin-Surge...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 29, 2017
Vulnerability Reserved
Dec 27, 2017

Netwin

What is CVE-2017-17933?

References

CVSS V3.1

Timeline