CVE-2017-8793

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-346
View all →

Vulnerability Description

An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.

Related Vulnerabilities

CVE-2018-6654

HIGH
CVSS:8.8(High)

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens i...

CWE-3462018

CVE-2020-11069

HIGH
CVSS:8.8(High)

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can b...

CWE-3462020

CVE-2020-1408

HIGH
CVSS:8.8(High)

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.

CWE-3462020

CVE-2020-24772

HIGH
CVSS:8.8(High)

In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. W...

CWE-3462020

CVE-2021-31718

HIGH
CVSS:8.8(High)

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.

CWE-3462021

CVE-2022-22637

HIGH
CVSS:8.8(High)

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause une...

CWE-3462022