Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Pd Admin
NVD
CVSS 2.0
3.5
EPSS
0.2%