CVE-2020-27735
MEDIUM NUCLEIWing FTP Server 6.4.4 - Cross-Site Scripting via Help Page IFRAME Injection
Title source: llmExploitation Summary
CVE-2020-27735 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.
Nuclei Templates (1)
Wing FTP 6.4.4 - Cross-Site Scripting
MEDIUMby pikpikcu
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.wftpserver.com/serverhistory.htm
Exploit, Third Party Advisory x_refsource_misc
https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html
Scores
CVSS v3
6.1
EPSS
0.0563
EPSS Percentile
91.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
wftpserver/wing_ftp_server
6.4.4
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026