HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mwa_control2=op:login&ftp_host=[VulnHTTPCS] Type : XSS Method : POST Description : A vulnerability has been discovered in OurWebFTP, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'ftp_host' parameter to '/index.php' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. References : https://www.httpcs.com/advisory/httpcs112 Credit : HTTPCS [Web Vulnerability Scanner] _______________________________________________ HTTPCS Advisory : HTTPCS113 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mwa_control2=op:login&ftp_host=localhost&ftp_user=[VulnHTTPCS] Type : XSS Method : POST Description : A vulnerability has been discovered in OurWebFTP, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'ftp_user' parameter to '/index.php' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. References : https://www.httpcs.com/advisory/httpcs113 Credit : HTTPCS [Web Vulnerability Scanner] _______________________________________________ https://www.httpcs.com/advisories _______________________________________________ Twitter : http://twitter.com/HTTPCS_ Free web vulnerability scanner HTTPCS : https://www.httpcs.com/