Medium severity6.1NVD Advisory· Published May 5, 2017· Updated May 13, 2026

CVE-2017-8760

Description

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.

Affected products

Accellion/File Transfer Appliance
cpe:2.3:a:accellion:file_transfer_appliance:*:*:*:*:*:*:*:*
Range: <=9_12_40

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cbnvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000