10 matches found
Wing FTP 6.4.4 - Cross-Site Scripting
Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser. id: CVE-2020-27735 info: name: Wing FTP...
CVE-2020-27735
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...
CVE-2020-27735
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...
Cross site scripting
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...
CVE-2020-27735
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...
CVE-2020-27735
The Wing FTP 6.4.4 web interface is vulnerable to a Cross‑Site Scripting (XSS) flaw. An arbitrary IFRAME can be injected into help pages via a crafted link, causing sandboxed HTML/JavaScript to execute in the victim’s browser. Affected component: the web interface of Wing FTP Server 6.4.4. Root cause...
Wing FTP Remote Code Execution
A remote code execution vulnerability exists in Wing FTP server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Wing FTP Server Authenticated Command Execution
This module exploits the embedded Lua interpreter in the admin web interface for versions 3.0.0 and above. When supplying a specially crafted HTTP POST request an attacker can use os.execute to execute arbitrary system commands on the target with SYSTEM privileges. This module requires Metasploit...
Wing FTP Server Multiple ZIP Commands Parsing Remote DoS
The remote FTP server is running a version of Wing FTP Server earlier than 4.1.1. As such, it is reportedly affected by an authenticated denial of service attack triggered when parsing multiple ZIP commands. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(62976);...
Wing FTP Server SFTP Connection Unspecified DoS
The remote FTP server is running a version of Wing FTP Server earlier than 3.8.0. Such versions reportedly are affected by a denial of service vulnerability that can be triggered when handling SFTP connections. A remote, unauthenticated attacker may be able to leverage this issue to crash the...