Lucene search

[email protected]CVE-2007-4555

HistoryAug 28, 2007 - 12:17 a.m.

CVE-2007-4555

2007-08-2800:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-4555

cross-site scripting

xss

ipswitch ws_ftp

web script injection

html injection

administration interface

new admin account

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.2%

JSON

Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.

Affected configurations

NVD

Node

ipswitchws_ftp

CPENameOperatorVersion
ipswitch:ws_ftpipswitch ws ftpeq*

CPE	Name	Operator	Version
ipswitch:ws_ftp	ipswitch ws ftp	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065441.html

osvdb.org/37961

secunia.com/advisories/26529

securityreason.com/securityalert/3068

exchange.xforce.ibmcloud.com/vulnerabilities/36237

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2007-4555

prion1 cvelist1 nvd1