Arbitrary IFRAME Injection in Wing FTP 6.4.4 Help Pages

Arbitrary IFRAME Injection in Wing FTP 6.4.4 Help Pages

CVE-2020-27735 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.

Learn more about our User Device Pen Test.