// For flags

CVE-2016-9500

The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposure

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.

El servidor Accellion FTP en versiones anteriores a FTA_9_12_220 emplea el componente de flash Accusoft Prizm Content, que contiene múltiples parámetros (customTabCategoryName, customButton1Image) que son vulnerables a Cross-Site Scripting (XSS).

*Credits: Thanks to Ashish Kamble for reporting this vulnerability.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-11-21 CVE Reserved
  • 2018-07-13 CVE Published
  • 2023-12-04 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Accellion
Search vendor "Accellion"
 Ftp Server
Search vendor "Accellion" for product "Ftp Server"
 < fta_9_12_220
Search vendor "Accellion" for product "Ftp Server" and version " < fta_9_12_220"
-
Affected