CVE-2015-7676 – Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting

https://notcve.org/view.php?id=CVE-2015-7676

28 Jan 2016 — Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. Ipswitch MOVEit File Transfer (anteriormente DMZ) 8.1 y versiones anteriores, cuando está configurado para soportar la vista del archivo en la descarga, permite a usuarios remotos autenticados llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) subiendo archivos HTML. Ipswi... • https://packetstorm.news/files/id/135458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •