Reflected Cross-Site Scripting Vulnerabilities in Progress WS_FTP Server
CVE-2022-36967

6.1MEDIUM

Key Information:

Vendor: Progress
Status: Ipswitch Ws Ftp Server
Vendor: CVE Published:; 2 August 2022

What is CVE-2022-36967?

In Progress WS_FTP Server versions before 8.7.3, several reflected cross-site scripting (XSS) vulnerabilities have been discovered within the administrative web interface. These vulnerabilities allow a remote attacker to inject arbitrary JavaScript into the web session of a WS_FTP administrator. If exploited, this could enable attackers to execute malicious code within the context of the victim's browser, posing significant security risks.

References

https://www.progress.com/ws_ftp

x_refsource_MISC

https://community.progress.com/s/article/WS-FTP-Server-Cr...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2022
Vulnerability Reserved
Jul 27, 2022