CVE-2009-4647
Published 2010-02-19
CVE-2009-4647: Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or…
Priority: P4 · 16 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.07% (60.7th percentile)
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
VulDB
Accellion Secure File Transfer Appliance 7 0 135 Audit Log Username cross site scripting (XFDB-56247 / BID-38176)
vuldb·2026-05-01·CVSS 4.3
CVE-2009-4647 [MEDIUM] Accellion Secure File Transfer Appliance 7 0 135 Audit Log Username cross site scripting (XFDB-56247 / BID-38176)
A vulnerability described as problematic has been identified in Accellion Secure File Transfer Appliance 7 0 135. This impacts an unknown function of the component Audit Log. Such manipulation of the argument Username leads to cross site scripting.
This vulnerability is documented as CVE-2009-4647. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
GHSA
GHSA-994j-rh9r-7g2v: Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web sc
ghsa_unreviewed·2022-05-02
CVE-2009-4647 [MEDIUM] CWE-79 GHSA-994j-rh9r-7g2v: Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web sc
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/38522
http://www.portcullis-security.com/339.php
http://www.securityfocus.com/bid/38176
https://exchange.xforce.ibmcloud.com/vulnerabilities/56247
Published: 2010-02-19