Lucene search

[email protected]CVE-2010-2428

HistoryJun 24, 2010 - 12:17 p.m.

CVE-2010-2428

2010-06-2412:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-2428

cross-site scripting

xss

vulnerability

wing ftp server

windows

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.026 Low

EPSS

Percentile

90.3%

JSON

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.

CPENameOperatorVersion
wftpserver:wing_ftp_serverwftpserver wing ftp serverle3.5.0
wftpserver:wing_ftp_serverwftpserver wing ftp servereq1.1
wftpserver:wing_ftp_serverwftpserver wing ftp servereq1.2
wftpserver:wing_ftp_serverwftpserver wing ftp servereq1.3
wftpserver:wing_ftp_serverwftpserver wing ftp servereq1.4
wftpserver:wing_ftp_serverwftpserver wing ftp servereq1.5
wftpserver:wing_ftp_serverwftpserver wing ftp servereq1.6
wftpserver:wing_ftp_serverwftpserver wing ftp servereq2.0
wftpserver:wing_ftp_serverwftpserver wing ftp servereq2.1
wftpserver:wing_ftp_serverwftpserver wing ftp servereq2.3

CPE	Name	Operator	Version
wftpserver:wing_ftp_server	wftpserver wing ftp server	le	3.5.0
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	1.1
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	1.2
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	1.3
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	1.4
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	1.5
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	1.6
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	2.0
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	2.1
wftpserver:wing_ftp_server	wftpserver wing ftp server	eq	2.3

Rows per page:

1-10 of 251

References

archives.neohapsis.com/archives/bugtraq/2010-06/0031.html

labs-werew01f.sectester.net/2010/06/wing-ftp-server-cross-site-scripting.html

seclists.org/fulldisclosure/2010/Jun/128

seclists.org/fulldisclosure/2010/Jun/49

www.osvdb.org/65444

www.securityfocus.com/bid/40510

exchange.xforce.ibmcloud.com/vulnerabilities/59094

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2010-2428

prion1 nessus1 openvas2 cvelist1