Maxum

maxum

29 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (29)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-55059 1Maxum 1Rumpus Nov 24, 2025 Nov 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55058 1Maxum 1Rumpus Nov 24, 2025 Nov 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CWE-20 Improper Input Validation
CVE-2025-55057 1Maxum 1Rumpus Nov 24, 2025 Nov 17, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple CWE-352 Cross-Site Request Forgery (CSRF)
CVE-2025-55056 1Maxum 1Rumpus Nov 24, 2025 Nov 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55055 1Maxum 1Rumpus Nov 24, 2025 Nov 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-46370 1Maxum 1Rumpus Apr 8, 2025 Jan 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
CVE-2022-46369 1Maxum 1Rumpus Nov 21, 2024 Jan 12, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
CVE-2022-46368 1Maxum 1Rumpus Nov 21, 2024 Jan 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
CVE-2022-46367 1Maxum 1Rumpus Nov 21, 2024 Jan 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
CVE-2022-39187 1Maxum 1Rumpus Nov 21, 2024 Jan 12, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
CVE-2020-27576 1Maxum 1Rumpus Nov 21, 2024 Mar 8, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vu...Show more Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.Show less
CVE-2020-27575 1Maxum 1Rumpus Nov 21, 2024 Mar 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vu...Show more Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.Show less
CVE-2020-27574 1Maxum 1Rumpus Nov 21, 2024 Mar 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
CVE-2020-12737 1Maxum 1Rumpus Nov 21, 2024 May 8, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.
CVE-2019-19668 1Maxum 1Rumpus Ftp Nov 21, 2024 Feb 10, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.
CVE-2019-19670 1Maxum 1Rumpus Ftp Nov 21, 2024 Feb 10, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTP...Show more A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.Show less
CVE-2019-19669 1Maxum 1Rumpus Ftp Nov 21, 2024 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.
CVE-2019-19667 1Maxum 1Rumpus Ftp Nov 21, 2024 Feb 10, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.
CVE-2019-19666 1Maxum 1Rumpus Ftp Nov 21, 2024 Feb 10, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.
CVE-2019-19661 1Maxum 1Rumpus Ftp Nov 21, 2024 Feb 10, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.

12 Next