SBA Security Advisory – Monsta FTP – Stored Cross-Site Scripting (CVE-2020-14055)
Vulnerability Overview
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.
- Type of Vulnerability: Cross-site Scripting
- CVE ID: CVE-2020-14055
- CVSSv3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
- CVSSv3.1 Base Score: 8.2 (High)
Links
Credits
- David Lisa Gnedt (SBA-Research)