CVE-2023-37875

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 12, 2023
Updated: Sep 14, 2023
CWE ID 116
CWE ID 79

Summary

CVE-2023-37875 is a newly disclosed vulnerability that affects the User Web Client component of Wing FTP Server. The flaw stems from an encoding issue that results in Cross-Site Scripting (XSS) attacks. Malicious actors can exploit this vulnerability to inject and execute malicious code in victims' web browsers, potentially leading to data theft or account takeover. Wing FTP Server versions prior to 7.2.0 are known to be affected. It is crucial that users upgrade to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share