PT-2023-6101 · Ipswitch · Ws Ftp Server

Published: 2023-09-27 · Updated: 2023-09-28 · CVE-2023-40045

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WS FTP Server versions 8.7.0 through 8.7.3
WS FTP Server versions 8.8.0 through 8.8.1

Description

A reflected cross-site scripting (XSS) vulnerability exists in WS FTP Server's Ad Hoc Transfer module. This vulnerability can be leveraged by an attacker to target WS FTP Server users with a specialized payload, resulting in the execution of malicious JavaScript within the context of the victim's browser. The issue is related to the lack of protection of the web page structure.

Recommendations

For WS FTP Server versions 8.7.0 through 8.7.3, update to version 8.7.4 or later.
For WS FTP Server versions 8.8.0 through 8.8.1, update to version 8.8.2 or later.
As a temporary workaround, consider restricting access to the Ad Hoc Transfer module until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-06806
CVE-2023-40045

Affected Products

Ws Ftp Server