Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-27665

Published: 03/04/2023 Updated: 01/02/2024
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Progress

Vulnerability Summary

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

progress ws ftp server 8.6.0

Vendor Advisories

Check Point Security Alerts: Progress Server Cross-Site Scripting (CVE-2022-27665)
Check Point Reference: CPAI-2022-2023 Date Published: 28 Feb 2024 Severity: Medium ...

Github Repositories

https://github.com/dievus/CVE-2022-27665

Reflected XSS via AngularJS Sandbox Escape Expressions in IPSwitch WS_FTP Server 8.6.0

CVE-2022-27665 A Reflected XSS via AngularJS Sandbox Escape Expressions vulnerability exists in Progress/IPSwitch WS_FTP Server 860 that can lead to execution of malicious code and commands on the client due to improper handling of user provided input By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-

References

CWE-79https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htmhttps://github.com/dievus/CVE-2022-27665https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023https://nvd.nist.govhttps://github.com/dievus/CVE-2022-27665https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2022-2023.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook