CVE-2020-27735

MEDIUM NUCLEI

Wftpserver Wing FTP Server - XSS

Title source: rule

Description

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.

Nuclei Templates (1)

Wing FTP 6.4.4 - Cross-Site Scripting

MEDIUMby pikpikcu

References (2)

[Exploit, Third Party Advisory] https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html

[Release Notes, Vendor Advisory] https://www.wftpserver.com/serverhistory.htm

Scores

CVSS v3 6.1

EPSS 0.5599

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

wftpserver/wing_ftp_server 6.4.4

Published Jan 26, 2021

Tracked Since Feb 18, 2026