A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
Maxum
CVE-2022-46370
Rumpus – FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
CVE-2022-46369
Rumpus – FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
CVE-2022-46368
Rumpus – FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
CVE-2022-46367
Rumpus – FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
CVE-2022-39187
Rumpus – FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.