CVE-2010-1068
published 2010-03-23CVE-2010-1068: Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.07%
60.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netwin | surgeftp | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
NetWin surgeftp 2.3a6 surgeftpmgr.cgi classid cross site scripting (EDB-11092 / XFDB-55509)
vuldb·2026-05-03·CVSS 4.3
CVE-2010-1068 [MEDIUM] NetWin surgeftp 2.3a6 surgeftpmgr.cgi classid cross site scripting (EDB-11092 / XFDB-55509)
A vulnerability was found in NetWin surgeftp 2.3a6. It has been declared as problematic. Impacted is an unknown function of the file surgeftpmgr.cgi. Such manipulation of the argument classid leads to cross site scripting.
This vulnerability is referenced as CVE-2010-1068. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-h754-f9hm-wm7v: Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr
ghsa_unreviewed·2022-05-02
CVE-2010-1068 [MEDIUM] CWE-79 GHSA-h754-f9hm-wm7v: Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txthttp://secunia.com/advisories/38097http://www.exploit-db.com/exploits/11092https://exchange.xforce.ibmcloud.com/vulnerabilities/55509http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txthttp://secunia.com/advisories/38097http://www.exploit-db.com/exploits/11092https://exchange.xforce.ibmcloud.com/vulnerabilities/55509
2010-03-23
Published