Ipswitch Ws Ftp Server Progress Ipswitch Ws Ftp Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Progress Ipswitch Ws Ftp Server.

By the Year

In 2025 there have been 0 vulnerabilities in Progress Ipswitch Ws Ftp Server. Ipswitch Ws Ftp Server did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 1 6.10
2022 2 5.20
2021 0 0.00
2020 0 0.00
2019 1 5.30
2018 0 0.00

It may take a day or so for new Ipswitch Ws Ftp Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Progress Ipswitch Ws Ftp Server Security Vulnerabilities

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0

CVE-2022-27665 6.1 - Medium - April 03, 2023

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

XSS

In Progress WS_FTP Server prior to version 8.7.3

CVE-2022-36968 4.3 - Medium - August 02, 2022

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

Session Riding

In Progress WS_FTP Server prior to version 8.7.3

CVE-2022-36967 6.1 - Medium - August 02, 2022

In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser.

XSS

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1

CVE-2019-12143 5.3 - Medium - June 11, 2019

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Progress Ws Ftp Server or by Progress? Click the Watch button to subscribe.

Progress
Vendor

subscribe