CVE-2023-37875

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 12, 2023

Updated: Sep 14, 2023

CWE ID 116

CWE ID 79

Summary

CVE-2023-37875 is a newly disclosed vulnerability that affects the User Web Client component of Wing FTP Server. The flaw stems from an encoding issue that results in Cross-Site Scripting (XSS) attacks. Malicious actors can exploit this vulnerability to inject and execute malicious code in victims' web browsers, potentially leading to data theft or account takeover. Wing FTP Server versions prior to 7.2.0 are known to be affected. It is crucial that users upgrade to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r8dKS0
https://www.cve.org/CVERecord?id=CVE-2023-37875
https://nvd.nist.gov/vuln/detail/CVE-2023-37875

Back to Vulnerability Database

CVE-2023-37875

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations