Cross-Site Scripting Vulnerability in Wing FTP Server Admin Interface
CVE-2010-2428

Currently unrated

Key Information:

Vendor: Wftpserver
Status: Wing Ftp Server
Vendor: CVE Published:; 24 June 2010

What is CVE-2010-2428?

A cross-site scripting (XSS) vulnerability exists in the admin_loginok.html file of the Administrator web interface in Wing FTP Server, which can be exploited by remote attackers. By sending a specially crafted POST request, attackers are able to inject arbitrary web scripts or HTML, potentially allowing unauthorized actions and the hijacking of user sessions. This vulnerability highlights the importance of securing web interfaces against script injection attacks to ensure the integrity of web applications and the protection of sensitive data.

References

http://labs-werew01f.sectester.net/2010/06/wing-ftp-serve...

x_refsource_MISC

http://www.osvdb.org/65444

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/40510

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2010
Vulnerability Reserved
Jun 22, 2010

Wftpserver

What is CVE-2010-2428?

References

Timeline