CVE-2022-27665

Read Time:23 Second

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

APPLE-SA-03-11-2025-4 visionOS 2.3.2

Posted by Apple Product Security via Fulldisclosure on Mar 20 APPLE-SA-03-11-2025-4 visionOS 2.3.2 visionOS 2.3.2 addresses the following issues. Information...

March 20, 2025

APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2

Posted by Apple Product Security via Fulldisclosure on Mar 20 APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2 macOS Sequoia 15.3.2 addresses the following...

March 20, 2025

APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

Posted by Apple Product Security via Fulldisclosure on Mar 20 APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2 iOS 18.3.2 and iPadOS...

March 20, 2025

APPLE-SA-03-11-2025-1 Safari 18.3.1

Posted by Apple Product Security via Fulldisclosure on Mar 20 APPLE-SA-03-11-2025-1 Safari 18.3.1 Safari 18.3.1 addresses the following issues. Information...

March 20, 2025