← back
CVE-2016-9499

The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting.

EPSS 7.8%CWE-204
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
Affected products
Accellion · FTP Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.kb.cert.org/vuls/id/745607https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdfhttps://www.securityfocus.com/bid/96154