First published: Mon Apr 03 2023
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By entering malicious payloads in the subdirectory search bar or the Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Ws Ftp Server | =8.6.0 | |
CVE-2022-27665 is a reflected XSS vulnerability that exists in Progress Ipswitch WS_FTP Server 8.6.0.
CVE-2022-27665 can lead to the execution of malicious code and commands on the client due to improper handling of user-provided input.
The severity of CVE-2022-27665 is medium with a CVSS score of 6.1.
To fix CVE-2022-27665, it is recommended to upgrade Progress Ipswitch WS_FTP Server to a version that has addressed the vulnerability.
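Until the upgrade is in place, requests to the affected endpoint can be checked for AngularJS expressions in `subFolderPath`. The following detection sketch is an added example, not code from the advisory or from Progress; it assumes the parameter is visible to your logging or proxy layer either in the query string or in a JSON request body, and that the application uses AngularJS's default `{{ }}` delimiters.

```python
import json
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter named in the advisory, compared case-insensitively.
ENDPOINT = "/thinclient/wtmapiservice.asmx/getfilesubtree"
PARAM = "subfolderpath"
# Assumption: default AngularJS interpolation delimiters; a folder path should never contain them.
EXPR = re.compile(r"\{\{.*?\}\}", re.S)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %257B%257B is seen as {{."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_values(url, body=""):
    """Return decoded subFolderPath values that contain an AngularJS expression."""
    parts = urlsplit(url)
    if parts.path.lower() != ENDPOINT:
        return []
    # Assumption: the value may arrive in the query string or in a JSON body.
    candidates = [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k.lower() == PARAM]
    try:
        payload = json.loads(body) if body else {}
    except ValueError:
        payload = {}
    if isinstance(payload, dict):
        candidates += [str(v) for k, v in payload.items() if k.lower() == PARAM]
    return [d for d in map(fully_decode, candidates) if EXPR.search(d)]

# Constructed sample requests (url, body); not captured traffic.
SAMPLES = [
    ("/ThinClient/WtmApiService.asmx/GetFileSubTree?subFolderPath=/reports/2023", ""),
    ("/ThinClient/WtmApiService.asmx/GetFileSubTree?subFolderPath=%7B%7B7*7%7D%7D", ""),
    ("/ThinClient/WtmApiService.asmx/GetFileSubTree?subFolderPath=%257B%257B7*7%257D%257D", ""),
    ("/ThinClient/WtmApiService.asmx/GetFileSubTree", '{"subFolderPath": "/a/{{7*7}}"}'),
    ("/ThinClient/Other.asmx/List?subFolderPath=%7B%7B7*7%7D%7D", ""),
]

def scan(samples=SAMPLES):
    return [(url, hits) for url, body in samples if (hits := suspicious_values(url, body))]

if __name__ == "__main__":
    for url, hits in scan():
        print("ALERT", url, hits)
```

The same check can run as a reverse-proxy or WAF rule in blocking mode; it is a compensating control and does not replace the upgrade.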