Описание
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
Уязвимые конфигурации
EPSS
8.3 High
CVSS3
4.8 Medium
CVSS3
Дефекты
Связанные уязвимости
In WS_FTP Server version 8.8.0 prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
Уязвимость модуля управления сервера WS_FTP Server, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
8.3 High
CVSS3
4.8 Medium
CVSS3