Thomas Felder

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions <= 7.2.0 **Description** The issue is related to improper encoding or escaping of output in the User Web Client of Wing FTP Server, allowing Cross-Site Scripting (XSS). **Recommendations** For versions <= 7.2.0, update to a version greater than 7.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the User Web Client until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions <= 7.2.0 **Description** Insecure default permissions in the Admin Web Client of Wing FTP Server allow for privilege escalation. **Recommendations** For versions <= 7.2.0, update to a version later than 7.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the Admin Web Client until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions <= 7.2.0 **Description** The issue is related to insecure storage of sensitive information in the User Web Client of Wing FTP Server, allowing information elicitation. **Recommendations** For versions <= 7.2.0, update to a version higher than 7.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server versions <= 7.2.0 **Description** Weak access control in the Admin Web Client of Wing FTP Server allows for privilege escalation. **Recommendations** For versions <= 7.2.0, update to a version greater than 7.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the Admin Web Client until a patch is available.