CVE-2013-0129

Pd-admin < 4.16 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message.

References (2)

[US Government Resource] http://www.kb.cert.org/vuls/id/311644

[Various Sources] http://www.pdadmin-forum.de/thread.php?threadid=4051

Scores

EPSS 0.0021

EPSS Percentile 43.5%

Details

CWE

CWE-79

Status published

Products (2)

pd-admin/pd-admin < 4.16

n/a/n/a

Published Apr 19, 2013

Tracked Since Feb 18, 2026