Approved changes feed: RSS · Atom

cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*

part: a version: - update: *

VendorBiscom (78e3e48f-e347-513c-aaf1-a719a739aaf4)
ProductSecure File Transfer (512e7a50-f05b-511b-9aa0-2354693a48c5)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-5247 vulnerable 2026-06-08 05:09:39.394272 Details available
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.
Published: 2017-07-18T18:00:00.000Z
Updated: 2024-08-05T14:55:35.883Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-5246 vulnerable 2026-06-08 05:09:39.393854 Details available
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
Published: 2017-07-18T18:00:00.000Z
Updated: 2024-08-05T14:55:35.789Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.