Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
History

Wed, 27 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-03T00:00:00

Updated: 2024-11-27T14:47:52.255Z

Reserved: 2022-03-23T00:00:00

Link: CVE-2022-27665

cve-icon Vulnrichment

Updated: 2024-08-03T05:32:59.927Z

cve-icon NVD

Status : Modified

Published: 2023-04-03T14:15:07.327

Modified: 2024-11-21T06:56:07.853

Link: CVE-2022-27665

cve-icon Redhat

No data.