Upstream information

CVE-2022-27665 at MITRE

Description

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • dex-oidc >= 2.35.3-1.1
Patchnames:
openSUSE-Tumbleweed-2024-12410


SUSE Timeline for this CVE

CVE page created: Sun Oct 16 00:50:31 2022
CVE page last modified: Tue Sep 3 19:25:34 2024