CVE-2009-4647

Accellion Secure File Transfer Appliance <7.0.296 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.

References (4)

[Vendor Advisory] http://secunia.com/advisories/38522

[Exploit] http://www.portcullis-security.com/339.php

[Exploit] http://www.securityfocus.com/bid/38176

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/56247

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (5)

accellion/secure_file_transfer_appliance

n/a/n/a

Timeline

Published Feb 19, 2010

Tracked Since Feb 18, 2026