cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1474,https://securityvulnerability.io/vulnerability/CVE-2024-1474,Reflected Cross-Site Scripting Vulnerabilities in WS_FTP Server Administrative Interface,"A reflected cross-site scripting vulnerability has been identified in WS_FTP Server before version 8.8.5. This vulnerability arises from insufficient validation of user-supplied inputs within the administrative interface, allowing attackers to inject malicious scripts. Users interacting with the affected components may inadvertently expose their systems to potential exploits if they interact with crafted links. It is crucial for organizations utilizing WS_FTP Server to apply the latest updates and security patches to mitigate these risks.",Progress Software,WS_FTP Server,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-02-21T15:33:20.265Z,0
CVE-2023-42659,https://securityvulnerability.io/vulnerability/CVE-2023-42659,WS_FTP Server Arbitrary File Upload,"In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.",Progress Software,Ws Ftp Server,9.1,CRITICAL,0.0008900000248104334,false,true,false,false,,false,false,2023-11-07T16:15:00.000Z,0
CVE-2023-40048,https://securityvulnerability.io/vulnerability/CVE-2023-40048,WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability,"In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.",Progress Software,Ws Ftp Server,6.8,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2023-09-27T15:19:00.000Z,0
CVE-2023-40049,https://securityvulnerability.io/vulnerability/CVE-2023-40049,WS_FTP Server Information Disclosure via Directory Listing,"In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.",Progress Software,Ws Ftp Server,5.3,MEDIUM,0.0010600000387057662,false,false,false,false,,false,false,2023-09-27T15:19:00.000Z,0
CVE-2023-42657,https://securityvulnerability.io/vulnerability/CVE-2023-42657,WS_FTP Server Directory Traversal,"In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.",Progress Software,Ws Ftp Server,9.9,CRITICAL,0.000750000006519258,false,false,false,false,,false,false,2023-09-27T15:19:00.000Z,0
CVE-2023-40046,https://securityvulnerability.io/vulnerability/CVE-2023-40046,WS_FTP Server SQL Injection via Administrative Interface,"In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.",Progress Software,Ws Ftp Server,8.2,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2023-40045,https://securityvulnerability.io/vulnerability/CVE-2023-40045,WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability,"A reflected cross-site scripting (XSS) vulnerability has been identified in WS_FTP Server's Ad Hoc Transfer module for versions before 8.7.4 and 8.8.2. This vulnerability allows attackers to execute malicious JavaScript code in the browser of users interacting with the affected module. By crafting a specific payload, an attacker can exploit this flaw, potentially compromising user data or leading to further attacks. Users are advised to update their WS_FTP Server to the latest versions to mitigate this security risk.",Progress Software,Ws Ftp Server,8.3,HIGH,0.000750000006519258,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2023-40047,https://securityvulnerability.io/vulnerability/CVE-2023-40047,WS_FTP Server Stored Cross-Site Scripting Vulnerability,"In WS_FTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser.",Progress Software,Ws Ftp Server,8.3,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2023-40044,https://securityvulnerability.io/vulnerability/CVE-2023-40044,WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability,"A significant security vulnerability exists in the WS_FTP Server Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. This vulnerability stems from improper .NET deserialization, allowing pre-authenticated attackers to execute arbitrary commands on the WS_FTP Server's operating system, potentially leading to unauthorized access and control over affected systems. Immediate action is recommended to mitigate risks associated with this severe flaw.",Progress Software,WS_FTP Server,8.8,HIGH,0.8645600080490112,true,true,true,true,true,false,false,2023-09-27T15:18:00.000Z,0