First published: Wed Sep 27 2023(Updated: )
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
Credit: security@progress.com security@progress.com
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Ws Ftp Server | <8.8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this WS_FTP Server vulnerability is CVE-2023-40047.
The severity of CVE-2023-40047 is high with a CVSS score of 4.8.
WS_FTP Server versions prior to 8.8.2 are affected by CVE-2023-40047.
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-79.
An attacker with administrative privileges can import a SSL certificate with malicious attributes containing cross-site scripting payloads in WS_FTP Server's Management module to exploit this vulnerability.