XSS in Microsoft Windows

CVE-2010-2428

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (73.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows
Wftpserver Wing_ftp_server — versions 3.1.2, 3.4.1, 1.6
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (Exploit, x_refsource_MISC)
65444 (x_refsource_OSVDB, vdb-entry)
40510 (vdb-entry, x_refsource_BID)
20100602 Wing FTP Server - Cross Site Scripting Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)
20100607 Re: Wing FTP Server - Cross Site Scripting Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)
20100602 Wing FTP Server - Cross Site Scripting Vulnerability (mailing-list, Exploit, x_refsource_BUGTRAQ)
wingftpserver-adminloginok-xss(59094) (vdb-entry, x_refsource_XF)