PT-2023-6098 · Ipswitch · Ws Ftp Server

Published: 2023-09-27 · Updated: 2023-09-28 · CVE-2023-40047

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WS FTP Server versions 8.8.0 through 8.8.1

Description

A stored cross-site scripting (XSS) vulnerability exists in WS FTP Server's Management module. The issue is related to the handling of SSL certificate parameters. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads, which could then be used to target WS FTP Server admins with a specialized payload. This payload results in the execution of malicious JavaScript within the context of the victim's browser.

Recommendations

For WS FTP Server versions 8.8.0 through 8.8.1, update to version 8.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Management module to minimize the risk of exploitation. Avoid importing SSL certificates with unknown or untrusted attributes until the issue is resolved.
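The advice to avoid importing certificates with untrusted attributes can be backed by a check run before import. The following Python is an added example, not code from the vendor or from this advisory: it walks a DER-encoded structure, reports string attributes that contain HTML metacharacters, and returns the HTML-escaped form that a management page should render. The function names, the set of characters treated as markup and the sample Name are assumptions constructed for illustration.

```python
import html

# ASN.1 universal string tags used in X.509 names, mapped to a codec.
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x14: "latin-1",
               0x16: "ascii", 0x1E: "utf-16-be"}
MARKUP_CHARS = set("<>\"'&`")  # assumption: characters treated as markup

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def der_strings(buf, start=0, end=None):
    """Yield every string value in a DER structure, descending into
    constructed elements (SEQUENCE, SET, explicit context tags)."""
    pos, end = start, len(buf) if end is None else end
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos)
        if tag & 0x20:
            yield from der_strings(buf, vstart, vend)
        elif tag in STRING_TAGS:
            yield buf[vstart:vend].decode(STRING_TAGS[tag], errors="replace")
        pos = vend

def audit(der):
    """Return (raw, html_escaped) for each attribute containing markup."""
    return [(s, html.escape(s, quote=True))
            for s in der_strings(der) if MARKUP_CHARS & set(s)]

# Constructed sample: a DER Name whose commonName carries harmless markup.
def tlv(tag, value):  # sample builder, short-form lengths only
    return bytes([tag, len(value)]) + value

def attr(oid_hex, tag, text):
    return tlv(0x31, tlv(0x30, bytes.fromhex(oid_hex) + tlv(tag, text.encode())))

SAMPLE_NAME = tlv(0x30, attr("0603550403", 0x0C, "<b>ftp.example.test</b>")
                  + attr("060355040a", 0x13, "Example Org"))

if __name__ == "__main__":
    for raw, safe in audit(SAMPLE_NAME):
        print(f"flagged: {raw!r} -> render as {safe!r}")
```

For a PEM file, base64-decode the body between the BEGIN and END lines and pass the resulting bytes to `audit`. Strings wrapped inside OCTET STRING extension values are not visited, so the check covers the subject and issuer name attributes.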

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-06801
CVE-2023-40047

Affected Products

Ws Ftp Server