CVE-2017-8760

MEDIUM

Accellion File Transfer Appliance < 9_12_40 - Cross-Site Scripting via auth_params Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8760. PoCs published by Voraka.

AI-analyzed exploit summary: This repository contains a Python-based exploit toolkit for CVE-2017-8759, which targets a remote code execution vulnerability in Microsoft .NET Framework. The toolkit generates malicious RTF files and delivers payloads (e.g., Meterpreter) via a remote server.

Description

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.

Exploits (1)

nomisec WORKING POC
by Voraka · poc
https://github.com/Voraka/cve-2017-8760


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft .NET Framework (CVE-2017-8759)
No auth needed
Prerequisites: Python 2.7.13 · Metasploit (for payload generation) · Network access to target
devstral-2 · analyzed Feb 16, 2026

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb

Scores

CVSS v3 6.1
EPSS 0.0112
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1)
accellion/file_transfer_appliance < 9_12_40
Published May 05, 2017
Tracked Since Feb 18, 2026