Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://crushftp.com/crush11wiki/Wiki.jsp?page=Update |
History
Fri, 13 Dec 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'. | |
Title | Stored XSS in CrushFTP | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ENISA
Published: 2024-12-13T13:46:54.204Z
Updated: 2024-12-13T20:41:28.545Z
Reserved: 2024-11-29T07:20:34.286Z
Link: CVE-2024-11986
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-13T14:15:21.207
Modified: 2024-12-13T14:15:21.207
Link: CVE-2024-11986
Redhat
No data.