Cross-Site Scripting in Wing FTP by Tzunami
CVE-2020-27735

6.1 MEDIUM

Key Information:

Vendor: Wftpserver

CVE Published: 26 January 2021

What is CVE-2020-27735?

An XSS vulnerability was identified in Wing FTP version 6.4.4 that allows an attacker to embed an arbitrary IFRAME within the help pages. It can be exploited via specially crafted links, which cause arbitrary HTML and JavaScript to execute, sandboxed, in the user's browser. This poses significant risks, as attackers can manipulate the user interface and potentially extract sensitive information.

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
