Overview
===============
Cerberus FTP Server (http://www.cerberusftp.com/) is a secure and reliable FTP server with many features and available functionality. It was discovered that the Web Administration interface has multiple persistent Cross Site Scripting (XSS) vulnerabilities. In the log viewer there is an XSS vulnerability which may be used by an unauthenticated user against an authenticated user. In the server manager a trivial XSS vulnerability exists which may be used by the authenticated user.

Analysis
===============
To start, the vulnerabilities on the "/servermanger" page are trivial to exploit by escaping the "