CVE-2023-40047
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
7.3 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.4%
In WS_FTP Server version prior to 8.8.2,Β a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Serverβs Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.Β Once the cross-site scripting payload is successfully stored,Β Β an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
Affected configurations
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
7.3 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.4%