CVE-2024-1474

WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface

Severity Score: 7.5 (CVSS v3.1)

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: Track (SSVC)

Descriptions

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.

*Credits: BugCrowd - mert, BugCrowd - isira_adithya
CVSS Scores
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
Exploitation: None
Automatable: No
Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-13 CVE Reserved
  • 2024-02-21 CVE Published
  • 2024-02-22 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
  • CAPEC-591: Reflected XSS
Affected Vendors, Products, and Versions
Vendor: Progress Software Corporation
Product: WS FTP Server
Version: >= 8.8.0 < 8.8.5
Other: en
Status: Affected