← Back to CVE List

CVE-2023-40047

Published: 2023-09-27T15:18Z
Last Modified: 2024-11-21T08:18Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.  Once the cross-site scripting payload is successfully stored,  an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt