CVE-2023-40047 HIGH

CVE-2023-40047: WS_FTP Server Stored Cross-Site Scripting Vulnerability

Vendor Progress Software Corporation
Product WS_FTP Server
Weakness CWE-79 · XSS
Published September 27, 2023
Last update September 24, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.  Once the cross-site scripting payload is successfully stored,  an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.

Key dates

02Disclosure timeline

September 27, 2023 CVE published
September 24, 2024 Record updated

Related vulnerabilities

04Related CVE