Vulnerability Description
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress | Ipswitch Ws Ftp Server | < 8.7.3 |
Related Weaknesses (CWE)
References
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-ProductVendor Advisory
- https://www.progress.com/ws_ftpProductVendor Advisory
- https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-ProductVendor Advisory
- https://www.progress.com/ws_ftpProductVendor Advisory
FAQ
What is CVE-2022-36967?
CVE-2022-36967 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to injec...
How severe is CVE-2022-36967?
CVE-2022-36967 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36967?
Check the references section above for vendor advisories and patch information. Affected products include: Progress Ipswitch Ws Ftp Server.