Wing FTP Server < 3.5.1 XSS

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a cross-site scripting

Description :

According to its banner, the remote host is running a version of Wing
FTP Server earlier than 3.5.1.

The web server included with such versions is affected by a cross-site
scripting vulnerability. By sending a specially crafted 'POST'
request to the admin web interface, an authenticated, remote attacker
may be able to leverage this issue to inject arbitrary HTML or script
code into a user's browser to be executed within the security context
of the affected site.

Solution :

Upgrade to Wing FTP Server 3.5.1 or later.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 3.3
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 47698

Bugtraq ID: 40510

CVE ID: CVE-2010-2428