CVE-2022-27665

Published: Apr 3, 2023

Modified: Nov 27, 2024

PUBLISHED

Description

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htm

https://github.com/dievus/CVE-2022-27665

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-27665

Description

Affected Products

References