cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-1474,https://securityvulnerability.io/vulnerability/CVE-2024-1474,Reflected Cross-Site Scripting Vulnerabilities in WS_FTP Server Administrative Interface,"A reflected cross-site scripting vulnerability has been identified in WS_FTP Server before version 8.8.5. This vulnerability arises from insufficient validation of user-supplied inputs within the administrative interface, allowing attackers to inject malicious scripts. Users interacting with the affected components may inadvertently expose their systems to potential exploits if they interact with crafted links. It is crucial for organizations utilizing WS_FTP Server to apply the latest updates and security patches to mitigate these risks.",Progress Software,WS_FTP Server,6.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-21T15:33:20.265Z,0
CVE-2023-42659,https://securityvulnerability.io/vulnerability/CVE-2023-42659,WS_FTP Server Arbitrary File Upload,"An issue has been identified in WS_FTP Server versions earlier than 8.7.6 and 8.8.4, where an authenticated Ad Hoc Transfer user can exploit an unrestricted file upload vulnerability. This flaw enables the user to issue a crafted API call, resulting in unauthorized file uploads to specified locations on the server's underlying operating system. This vulnerability poses significant risks, as it can lead to potential exploitation of the server environment.",Progress Software,Ws Ftp Server,9.1,CRITICAL,0.0008900000248104334,false,,true,false,false,,,false,false,,2023-11-07T16:15:00.000Z,0
CVE-2023-40048,https://securityvulnerability.io/vulnerability/CVE-2023-40048,WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability," In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.",Progress Software,Ws Ftp Server,6.8,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-09-27T15:19:00.000Z,0
CVE-2023-40049,https://securityvulnerability.io/vulnerability/CVE-2023-40049,WS_FTP Server Information Disclosure via Directory Listing," In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.",Progress Software,Ws Ftp Server,5.3,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-09-27T15:19:00.000Z,0
CVE-2023-42657,https://securityvulnerability.io/vulnerability/CVE-2023-42657,WS_FTP Server Directory Traversal,"A directory traversal vulnerability exists in WS_FTP Server versions prior to 8.7.4 and 8.8.2, allowing attackers to perform unauthorized file operations. Attackers can exploit this flaw to access and manipulate files and directories beyond their designated WS_FTP folder path, potentially leading to the deletion, renaming, creation, or removal of files and folders within the underlying operating system.",Progress Software,Ws Ftp Server,9.9,CRITICAL,0.000750000006519258,false,,false,false,false,,,false,false,,2023-09-27T15:19:00.000Z,0
CVE-2023-40045,https://securityvulnerability.io/vulnerability/CVE-2023-40045,WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability,"A reflected cross-site scripting (XSS) vulnerability has been identified in WS_FTP Server's Ad Hoc Transfer module for versions before 8.7.4 and 8.8.2. This vulnerability allows attackers to execute malicious JavaScript code in the browser of users interacting with the affected module. By crafting a specific payload, an attacker can exploit this flaw, potentially compromising user data or leading to further attacks. Users are advised to update their WS_FTP Server to the latest versions to mitigate this security risk.",Progress Software,Ws Ftp Server,8.3,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-09-27T15:18:00.000Z,0
CVE-2023-40047,https://securityvulnerability.io/vulnerability/CVE-2023-40047,WS_FTP Server Stored Cross-Site Scripting Vulnerability,"A stored cross-site scripting (XSS) vulnerability affecting WS_FTP Server versions prior to 8.8.2 allows attackers with administrative access to import SSL certificates containing malicious attributes. This XSS payload can be stored in the server's Management module. Once successfully executed by an administrator, attackers can run malicious JavaScript in the context of the victim's browser, leading to unauthorized actions or data compromise.",Progress Software,Ws Ftp Server,8.3,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2023-09-27T15:18:00.000Z,0
CVE-2023-40044,https://securityvulnerability.io/vulnerability/CVE-2023-40044,WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability,"A significant security vulnerability exists in the WS_FTP Server Ad Hoc Transfer module, affecting versions prior to 8.7.4 and 8.8.2. This vulnerability stems from improper .NET deserialization, allowing pre-authenticated attackers to execute arbitrary commands on the WS_FTP Server's operating system, potentially leading to unauthorized access and control over affected systems. Immediate action is recommended to mitigate risks associated with this severe flaw.",Progress Software,Ws Ftp Server,8.8,HIGH,0.8750100135803223,true,2023-10-05T00:00:00.000Z,true,true,true,2023-10-02T14:55:38.000Z,true,false,false,,2023-09-27T15:18:00.000Z,0
CVE-2023-40046,https://securityvulnerability.io/vulnerability/CVE-2023-40046,WS_FTP Server SQL Injection via Administrative Interface,"A SQL injection vulnerability in the WS_FTP Server manager interface allows attackers to potentially infer the structure and content of the underlying database. By exploiting this weakness, an unauthorized party may gain the ability to execute arbitrary SQL statements, leading to unauthorized alteration or deletion of database elements. Users of WS_FTP Server versions before 8.7.4 and 8.8.2 are advised to upgrade to mitigate these risks.",Progress Software,Ws Ftp Server,8.2,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-09-27T15:18:00.000Z,0