Lucene search

K
cve[email protected]CVE-2010-2428
HistoryJun 24, 2010 - 12:17 p.m.

CVE-2010-2428

2010-06-2412:17:45
CWE-79
web.nvd.nist.gov
29
cve-2010-2428
cross-site scripting
xss
vulnerability
wing ftp server
windows
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.

Affected configurations

NVD
Node
wftpserverwing_ftp_serverRange3.5.0
OR
wftpserverwing_ftp_serverMatch1.1
OR
wftpserverwing_ftp_serverMatch1.2
OR
wftpserverwing_ftp_serverMatch1.3
OR
wftpserverwing_ftp_serverMatch1.4
OR
wftpserverwing_ftp_serverMatch1.5
OR
wftpserverwing_ftp_serverMatch1.6
OR
wftpserverwing_ftp_serverMatch2.0
OR
wftpserverwing_ftp_serverMatch2.1
OR
wftpserverwing_ftp_serverMatch2.3
OR
wftpserverwing_ftp_serverMatch2.4
OR
wftpserverwing_ftp_serverMatch3.0.0
OR
wftpserverwing_ftp_serverMatch3.1.0
OR
wftpserverwing_ftp_serverMatch3.1.2
OR
wftpserverwing_ftp_serverMatch3.2.0
OR
wftpserverwing_ftp_serverMatch3.2.4
OR
wftpserverwing_ftp_serverMatch3.2.8
OR
wftpserverwing_ftp_serverMatch3.3.0
OR
wftpserverwing_ftp_serverMatch3.3.4
OR
wftpserverwing_ftp_serverMatch3.3.5
OR
wftpserverwing_ftp_serverMatch3.4.0
OR
wftpserverwing_ftp_serverMatch3.4.1
OR
wftpserverwing_ftp_serverMatch3.4.2
OR
wftpserverwing_ftp_serverMatch3.4.3
OR
wftpserverwing_ftp_serverMatch3.4.5
AND
microsoftwindows

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

Related for CVE-2010-2428