CNNVD-202602-207 Information
CNNVD ID
CNNVD-202602-207
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Rubikon Easy Transfer是Rubikon公司的一个文件传输应用。 Rubikon Easy Transfer v1.7版本存在跨站脚本漏洞,该漏洞源于在创建文件夹和移动/编辑功能中,对oldPath、newPath和path参数的输入验证不当,可能导致攻击者通过POST请求注入恶意脚本,从而在移动Web应用环境中执行任意JavaScript。
Description (English)
Rubikon EASY Transfer is a file transfer application for Rubikon. Rubikon EASY Transfer v1.7 has a cross-site script loophole, which stems from inappropriate input validation of the old Path, newPath and path parameters in the creation of folders and mobile/editing functions, which may result in the aggressor’s request being injected into a malicious script through POST, thereby implementing any JavaScript in the mobile Web application environment.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Rubikon
Published
2026-02-03
Last Modified
2026-02-24
References
https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078 https://www.exploit-db.com/exploits/48395 https://www.vulncheck.com/advisories/easy-transfer-for-ios-persistent-cross-site-scripting https://www.vulnerability-lab.com/get_content.php?id=2223
Share on: