CVE-2017-8304

MEDIUM

Accellion File Transfer Appliance < 9_12_40 - XSS

Title source: rule

Description

An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.

References (1)

Scores

CVSS v3 6.1
EPSS 0.0033
EPSS Percentile 55.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
accellion/file_transfer_appliance < 9_12_40
n/a/n/a
Published May 05, 2017
Tracked Since Feb 18, 2026