CVE-2019-19368
published 2019-12-16

Priority: P3 · 49 · medium · CVSS 3.1 base score 6.1
CVSS metrics: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 21.02% (97.3rd percentile)
A reflected cross-site scripting vulnerability was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript in their browsers.

Affected (1 range)

Vendor | Product | Version range | Fixed in
maxum  | rumpus  |               |

Detection & IOCs (extracted from sources)

url: /Login?!'><sVg/OnLoAD=alert`1`//
path: /Login
  • A Google dork can be used to identify exposed Rumpus FTP Web File Manager instances
  • A Shodan dork can be used to identify Rumpus FTP servers by their HTTP Server header
  • The XSS payload is reflected via the Login page query string; monitor HTTP GET requests to /Login whose query string contains script-injection patterns such as SVG/onload event handlers
  • The detection template checks for an HTTP 200 response to a GET request to /Login with the crafted XSS payload in the query string
  • The vulnerability is confirmed only on version 8.2.9.1; other versions are not specified as affected
  • The exploit was tested on both Windows and Mac platforms

CVSS provenance

NVD · CVSS v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD · CVSS v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N