Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-03T00:00:00
Updated: 2024-11-27T14:47:52.255Z
Reserved: 2022-03-23T00:00:00
Link: CVE-2022-27665
Vulnrichment
Updated: 2024-08-03T05:32:59.927Z
NVD
Status : Modified
Published: 2023-04-03T14:15:07.327
Modified: 2024-11-21T06:56:07.853
Link: CVE-2022-27665
Redhat
No data.