1 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. Una vulnerabilidad de tipo cross-site scripting (XSS) en la función "Zip content" de Element-IT HTTP Commander versión 3.1.9, permite a usuarios remotos autenticados inyectar scripts web o HTML arbitrarios por medio de nombres de archivos • https://www.element-it.com/products.aspx https://www.exploit-db.com/exploits/50645 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •