Title: Accellion File Transfer - Cross-Site Scripting Vulnerabilities
Criticality: Low (1/3)
Affected software: Accellion File Transfer FTA_7_0_135
Author: Eric BEAULIEU, eric.beaulieu [at] zebux.org, http://www.zebux.org
Discovery Date: 08-08-2008
Issue solved: 18-08-2008
Location URL: http://www.zebux.org/pub/Advisory/Advisory_Accellion_XSS_Vulnerability_200808.txt

Summary
-------
A vulnerability in the Accellion File Transfer Appliance can be exploited by malicious people to conduct an XSS (Cross-Site Scripting) attack against a vulnerable server.

Description
-----------
A vulnerability has been discovered in the Accellion administrator "forgot password" HTML page, which could be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "forgot password" HTML page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Example:
https://[Accellion web server]/courier/forgot_password.html/>">

Solution
--------
Upgrade to version FTA_7_0_178.

Workaround
----------
There is no workaround.

References
----------
FrSIRT Advisory:
Bugtraq ID: 30796
Secunia Advisory ID: SA31572
CVE ID: CVE-2008-3850
Security Tracker:
OSVDB: 47783

Timeline
--------
08-08-2008 - Vulnerability discovered
09-08-2008 - Detailed tests done and some scenarios created
13-08-2008 - Vulnerability confirmed
18-08-2008 - Vendor communicated the status of the fix process
18-08-2008 - Vendor published the new version

Revision history
----------------
18-08-2008 - 1.0 - Advisory written
28-08-2008 - 1.1 - Advisory updated with references
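As an added illustration, not code from the advisory or from Accellion, the following constructed stand-in shows the class of defect described (the request path reflected raw into the page) beside the attribute-encoded form, together with a scan over constructed access-log lines that flags requests appending markup characters to the forgot-password path. The page markup, the log format and the helper names are assumptions.

```python
import html
import re
from urllib.parse import unquote

def render_forgot_password(request_path: str, sanitise: bool) -> str:
    """Constructed stand-in for the affected page: the request path is reflected
    into the form's action attribute so the form posts back to the same URL.
    sanitise=False reproduces raw reflection (the defect class in the advisory);
    sanitise=True applies HTML attribute encoding before reflecting."""
    reflected = html.escape(request_path, quote=True) if sanitise else request_path
    return (
        '<form method="post" action="' + reflected + '">'
        '<input name="email"><input type="submit" value="Send"></form>'
    )

# Constructed probe in the shape of the advisory's example: extra path data
# after forgot_password.html that closes the attribute and the tag.
PROBE_PATH = '/courier/forgot_password.html/>"><b>x</b>'

# Constructed access-log lines (Apache common log format).
LOG_LINES = [
    '10.0.0.5 - - [08/Aug/2008:10:01:02 +0200] "GET /courier/forgot_password.html HTTP/1.1" 200 1423',
    '10.0.0.9 - - [08/Aug/2008:10:05:44 +0200] "GET /courier/forgot_password.html/%3E%22%3E%3Cb%3Ex HTTP/1.1" 200 1501',
    '10.0.0.7 - - [08/Aug/2008:10:06:10 +0200] "POST /courier/forgot_password.html HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
SUSPECT_CHARS = set('<>"\'')
PAGE = '/courier/forgot_password.html'

def suspicious_requests(lines):
    """Return decoded request paths that hit the forgot-password page with
    trailing path data containing markup or quote characters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = unquote(m.group(1))          # decode %xx so encoded probes are seen
        _head, sep, tail = path.partition(PAGE)
        if sep and tail and SUSPECT_CHARS & set(tail):
            hits.append(path)
    return hits
```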