CVE-2017-5241

MEDIUM

Biscom Secure File Transfer <5.1.1024 - XSS

Title source: llm

Description

Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99341

[Exploit, Third Party Advisory, VDB Entry] https://community.rapid7.com/community/infosec/blog/2017/06/27/r7-2017-06-biscom-sftp-xss-cve-2017-5241

[Various Sources] https://cve.biscom.com/bis-sft-cv-003/

Scores

CVSS v3 5.4

EPSS 0.0039

EPSS Percentile 59.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

biscom/secure_file_transfer < 5.1.1015

Biscom/Secure File Transfer < 5.0.0.0 trough 5.1.1024

Published Jun 28, 2017

Tracked Since Feb 18, 2026