maxum 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、パス処理の欠陥, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-55059 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | [email protected] | 4.8 | 0.03% | 2025-11-17 | 2025-11-24 |
| CVE-2025-55058 | CWE-20 Improper Input Validation | [email protected] | 4.5 | 0.06% | 2025-11-17 | 2025-11-24 |
| CVE-2025-55057 | Multiple CWE-352 Cross-Site Request Forgery (CSRF) | [email protected] | 4.5 | 0.01% | 2025-11-17 | 2025-11-24 |
| CVE-2025-55056 | Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | [email protected] | 4.8 | 0.03% | 2025-11-17 | 2025-11-24 |
| CVE-2025-55055 | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | [email protected] | 6.8 | 0.08% | 2025-11-17 | 2025-11-24 |
| CVE-2022-46370 | Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification. | [email protected] | 7.3 | 0.10% | 2023-01-12 | 2025-04-08 |
| CVE-2022-46369 | Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields. | [email protected] | 6.8 | 0.20% | 2023-01-12 | 2024-11-21 |
| CVE-2022-46368 | Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | [email protected] | 6.8 | 0.06% | 2023-01-12 | 2024-11-21 |
| CVE-2022-46367 | Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | [email protected] | 6.8 | 0.06% | 2023-01-12 | 2024-11-21 |
| CVE-2022-39187 | Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | [email protected] | 6.8 | 0.23% | 2023-01-12 | 2024-11-21 |
| CVE-2020-27576 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | [email protected] | 5.4 | 0.28% | 2021-03-08 | 2024-11-21 |
| CVE-2020-27575 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | [email protected] | 8.8 | 6.73% | 2021-03-08 | 2024-11-21 |
| CVE-2020-27574 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. | [email protected] | 8.8 | 0.15% | 2021-03-08 | 2024-11-21 |
| CVE-2020-12737 | An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | [email protected] | 6.5 | 0.54% | 2020-05-08 | 2024-11-21 |
| CVE-2019-19668 | A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. | [email protected] | 4.3 | 0.16% | 2020-02-10 | 2024-11-21 |
| CVE-2019-19670 | A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. | [email protected] | 6.1 | 0.33% | 2020-02-10 | 2024-11-21 |
| CVE-2019-19669 | A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. | [email protected] | 6.5 | 0.16% | 2020-02-10 | 2024-11-21 |
| CVE-2019-19667 | A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. | [email protected] | 5.4 | 0.16% | 2020-02-10 | 2024-11-21 |
| CVE-2019-19666 | A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. | [email protected] | 4.3 | 0.16% | 2020-02-10 | 2024-11-21 |
| CVE-2019-19661 | A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | [email protected] | 6.1 | 0.17% | 2020-02-10 | 2024-11-21 |