Download
| Alert*
DSA-2414-1 fex -- insufficient input sanitization
Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.
|