CVE-2020-8514: 
Rumpus vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in Rumpus 8.2.10 on macOS, identified as CVE-2020-8514. The vulnerability was discovered by Jayden Kaio Rivers and disclosed on February 1, 2020. The issue affects the rename folder functionality in the Rumpus FTP Web File Manager, allowing attackers to execute JavaScript code in the context of the web application (Pastebin, CVE Mitre).

The vulnerability exists in the rename folder functionality of Rumpus FTP Web File Manager. An attacker can exploit this by creating a folder with a specially crafted name and then triggering the rename function through the cog icon interface. When this action is performed, the browser interprets and executes the injected JavaScript code in the application's context (Pastebin).

The vulnerability allows for code execution and potential privilege escalation within the web application context. When successfully exploited, an attacker can execute arbitrary JavaScript code in the user's browser session, potentially leading to unauthorized access or manipulation of the application (Pastebin).

Users are advised to upgrade to a version newer than Rumpus 8.2.10. The vendor, Maxum, has been notified of the vulnerability and provides updated versions through their official website (Maxum Download).