CVE-2023-40045 HIGH

CVE-2023-40045: WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability

Vendor Progress Software Corporation
Product WS_FTP Server
Weakness CWE-79 · XSS
Published September 27, 2023
Last update September 24, 2024
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module.  An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.

Key dates

02Disclosure timeline

September 27, 2023 CVE published
September 24, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37265 WordPress IdeaPush plugin <= 8.60 - Cross Site Scripting (XSS) vulnerability CVE-2025-11827 Oboxmedia Ads <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-26537 WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) CVE-2025-40721 Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway CVE-2023-47766 WordPress Post Status Notifier Lite Plugin <= 1.11.0 is vulnerable to Cross Site Scripting (XSS)