Cross-Site Scripting (XSS) Vulnerability in NetWin SurgeFTP Version 23f2

Cross-Site Scripting (XSS) Vulnerability in NetWin SurgeFTP Version 23f2

CVE-2017-17933 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.

Learn more about our Web App Pen Testing.