An issue exists on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the malicious user to have site access with a bypass of the Same Origin Policy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
accellion file transfer appliance |