cvelist / Mitre / CVELIST:CVE-2022-27665
History: Apr 03, 2023 - 12:00 a.m.

CVE-2022-27665

2023-04-03 00:00:00
mitre
www.cve.org
reflected xss
angularjs
progress ipswitch ws_ftp server 8.6.0
client-side template injection
execution of malicious code

AI Score: 7.2 (Confidence: High)

EPSS: 0.001 (Percentile: 41.9%)

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
