CVE-2022-27665 Common Vulnerabilities and Exposures

Upstream information

CVE-2022-27665 at MITRE

Description

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`dex-oidc >= 2.35.3-1.1`	Patchnames: openSUSE Tumbleweed GA dex-oidc-2.35.3-1.1

SUSE Timeline for this CVE

CVE page created: Sun Oct 16 00:50:31 2022
CVE page last modified: Mon Apr 3 16:45:14 2023