Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rumpus
(Maxum)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-12 | CVE-2022-39187 | Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | Rumpus | 6.1 | ||
| 2023-01-12 | CVE-2022-46367 | Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | Rumpus | 8.8 | ||
| 2023-01-12 | CVE-2022-46368 | Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | Rumpus | 8.8 | ||
| 2023-01-12 | CVE-2022-46369 | Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields. | Rumpus | 5.4 | ||
| 2023-01-12 | CVE-2022-46370 | Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification. | Rumpus | 7.5 | ||
| 2020-02-02 | CVE-2020-8514 | An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. | Rumpus | 6.1 | ||
| 2021-03-08 | CVE-2020-27575 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | Rumpus | 8.8 | ||
| 2021-03-08 | CVE-2020-27576 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | Rumpus | 5.4 | ||
| 2021-03-08 | CVE-2020-27574 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. | Rumpus | 8.8 | ||
| 2020-05-08 | CVE-2020-12737 | An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | Rumpus | N/A |