CVE-2010-2428 - OpenCVE

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Wftpserver	Wing Ftp Server

Configuration 1 [-]

AND

OR	cpe:2.3:a:wftpserver:wing_ftp_server::::::::
	cpe:2.3:a:wftpserver:wing_ftp_server:1.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:1.6:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:2.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.0.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.1.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.1.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.2.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.2.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.2.8:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.3.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.3.4:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.3.5:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.0:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.1:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.2:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.3:::::::*
	cpe:2.3:a:wftpserver:wing_ftp_server:3.4.5:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2010-06/0031.html
http://labs-werew01f.sectester.net/2010/06/wing-ftp-server-cross-site-scripting.html
http://seclists.org/fulldisclosure/2010/Jun/128
http://seclists.org/fulldisclosure/2010/Jun/49
http://www.osvdb.org/65444
http://www.securityfocus.com/bid/40510
https://exchange.xforce.ibmcloud.com/vulnerabilities/59094

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-06-23T17:13:00

Updated: 2024-08-07T02:32:16.546Z

Reserved: 2010-06-22T00:00:00

Link: CVE-2010-2428

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-06-24T12:17:45.203

Modified: 2017-08-17T01:32:43.430

Link: CVE-2010-2428

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object