DescriptionReflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
Overall state of this security issue: Does not affect SUSE productsNo SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA dex-oidc-2.35.3-1.1
SUSE Timeline for this CVECVE page created: Sun Oct 16 00:50:31 2022
CVE page last modified: Mon Apr 3 16:45:14 2023