Lucene search

[email protected]NVD:CVE-2010-2428

HistoryJun 24, 2010 - 12:17 p.m.

CVE-2010-2428

2010-06-2412:17:45

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.026

Percentile

90.3%

JSON

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.

Affected configurations

Nvd

Node

wftpserverwing_ftp_serverRange≤3.5.0

wftpserverwing_ftp_serverMatch1.1

wftpserverwing_ftp_serverMatch1.2

wftpserverwing_ftp_serverMatch1.3

wftpserverwing_ftp_serverMatch1.4

wftpserverwing_ftp_serverMatch1.5

wftpserverwing_ftp_serverMatch1.6

wftpserverwing_ftp_serverMatch2.0

wftpserverwing_ftp_serverMatch2.1

wftpserverwing_ftp_serverMatch2.3

wftpserverwing_ftp_serverMatch2.4

wftpserverwing_ftp_serverMatch3.0.0

wftpserverwing_ftp_serverMatch3.1.0

wftpserverwing_ftp_serverMatch3.1.2

wftpserverwing_ftp_serverMatch3.2.0

wftpserverwing_ftp_serverMatch3.2.4

wftpserverwing_ftp_serverMatch3.2.8

wftpserverwing_ftp_serverMatch3.3.0

wftpserverwing_ftp_serverMatch3.3.4

wftpserverwing_ftp_serverMatch3.3.5

wftpserverwing_ftp_serverMatch3.4.0

wftpserverwing_ftp_serverMatch3.4.1

wftpserverwing_ftp_serverMatch3.4.2

wftpserverwing_ftp_serverMatch3.4.3

wftpserverwing_ftp_serverMatch3.4.5

AND

microsoftwindows

VendorProductVersionCPE
wftpserverwing_ftp_server*cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*
wftpserverwing_ftp_server1.1cpe:2.3:a:wftpserver:wing_ftp_server:1.1:*:*:*:*:*:*:*
wftpserverwing_ftp_server1.2cpe:2.3:a:wftpserver:wing_ftp_server:1.2:*:*:*:*:*:*:*
wftpserverwing_ftp_server1.3cpe:2.3:a:wftpserver:wing_ftp_server:1.3:*:*:*:*:*:*:*
wftpserverwing_ftp_server1.4cpe:2.3:a:wftpserver:wing_ftp_server:1.4:*:*:*:*:*:*:*
wftpserverwing_ftp_server1.5cpe:2.3:a:wftpserver:wing_ftp_server:1.5:*:*:*:*:*:*:*
wftpserverwing_ftp_server1.6cpe:2.3:a:wftpserver:wing_ftp_server:1.6:*:*:*:*:*:*:*
wftpserverwing_ftp_server2.0cpe:2.3:a:wftpserver:wing_ftp_server:2.0:*:*:*:*:*:*:*
wftpserverwing_ftp_server2.1cpe:2.3:a:wftpserver:wing_ftp_server:2.1:*:*:*:*:*:*:*
wftpserverwing_ftp_server2.3cpe:2.3:a:wftpserver:wing_ftp_server:2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wftpserver	wing_ftp_server	*	cpe:2.3:a:wftpserver:wing_ftp_server::::::::
wftpserver	wing_ftp_server	1.1	cpe:2.3:a:wftpserver:wing_ftp_server:1.1:::::::*
wftpserver	wing_ftp_server	1.2	cpe:2.3:a:wftpserver:wing_ftp_server:1.2:::::::*
wftpserver	wing_ftp_server	1.3	cpe:2.3:a:wftpserver:wing_ftp_server:1.3:::::::*
wftpserver	wing_ftp_server	1.4	cpe:2.3:a:wftpserver:wing_ftp_server:1.4:::::::*
wftpserver	wing_ftp_server	1.5	cpe:2.3:a:wftpserver:wing_ftp_server:1.5:::::::*
wftpserver	wing_ftp_server	1.6	cpe:2.3:a:wftpserver:wing_ftp_server:1.6:::::::*
wftpserver	wing_ftp_server	2.0	cpe:2.3:a:wftpserver:wing_ftp_server:2.0:::::::*
wftpserver	wing_ftp_server	2.1	cpe:2.3:a:wftpserver:wing_ftp_server:2.1:::::::*
wftpserver	wing_ftp_server	2.3	cpe:2.3:a:wftpserver:wing_ftp_server:2.3:::::::*

Rows per page:

1-10 of 261

References

archives.neohapsis.com/archives/bugtraq/2010-06/0031.html

labs-werew01f.sectester.net/2010/06/wing-ftp-server-cross-site-scripting.html

seclists.org/fulldisclosure/2010/Jun/128

seclists.org/fulldisclosure/2010/Jun/49

www.osvdb.org/65444

www.securityfocus.com/bid/40510

exchange.xforce.ibmcloud.com/vulnerabilities/59094

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.026

Percentile

90.3%

JSON

Related for NVD:CVE-2010-2428

cve1 prion1 cvelist1 nessus1 openvas2