Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4555

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4555
Last Modified 15 Nov 2008 01:57:30
Published 27 Aug 2007 08:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4555

Summary

Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.

Vulnerable Systems

Application

  • Ipswitch Ws Ftp


References

XF - ipswitch-wsftp-ftpcommand-xss(36237)

SECUNIA - 26529

OSVDB - 37961

FULLDISC - 20070823 Ipswitch FTP XSS leads to FTP server compromise

SREASON - 3068


Last Updated: 27 May 2016 10:45:54