CVE-2023-40047

8.3 HIGH

📋 TL;DR

This stored XSS vulnerability in WS_FTP Server allows attackers with administrative privileges to inject malicious JavaScript via SSL certificate imports. The malicious code executes in administrators' browsers when viewing certificate details, potentially compromising their sessions or performing unauthorized actions. Only WS_FTP Server administrators are directly affected.

💻 Affected Systems

Products:
  • Progress WS_FTP Server
Versions: All versions prior to 8.8.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative privileges to import SSL certificates.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator account takeover leading to complete WS_FTP Server compromise, data exfiltration, or deployment of additional malware.

🟠 Likely Case: Session hijacking of administrator accounts, credential theft, or unauthorized configuration changes.

🟢 If Mitigated: Limited impact if administrators use separate accounts for certificate management and have strong session security.

🌐 Internet-Facing: MEDIUM - Requires administrative access, but internet-facing management interfaces increase exposure.
🏢 Internal Only: MEDIUM - Internal attackers with administrative privileges could exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires administrative access to import malicious certificates.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.8.2 and later

Vendor Advisory: https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

Restart Required: Yes

Instructions:

1. Download WS_FTP Server 8.8.2 or later from the Progress website.
2. Back up the current configuration.
3. Install the update following the vendor's instructions.
4. Restart the WS_FTP Server services.

🔧 Temporary Workarounds

Restrict SSL Certificate Import (platform: windows)

Limit SSL certificate import capabilities to trusted administrators only.

Implement Content Security Policy (platform: all)

Add CSP headers to restrict script execution in the management interface.

🧯 If You Can't Patch

  • Restrict administrative access to WS_FTP Server management interface to only essential personnel.
  • Monitor SSL certificate import activities and audit imported certificates for suspicious attributes.

🔍 How to Verify

Check if Vulnerable:

Check WS_FTP Server version in Management Console under Help > About.

Check Version:

Check via WS_FTP Server Management Console or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\WS_FTP Server\Version

Verify Fix Applied:

Verify version is 8.8.2 or later and test SSL certificate import functionality.
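The version check above can be scripted for fleet-wide verification. The following PowerShell is an added example, not part of this advisory or of Progress's own tooling. It reads the registry path the advisory names and compares the result with the fixed release; it assumes that path holds a string value named Version (if your install stores the version under a different value name, or under WOW6432Node on a 64-bit host, adjust $RegPath).

```powershell
# Added example (not from the advisory or from Progress): compare the installed
# WS_FTP Server version with the fixed release for CVE-2023-40047.
# Assumption: HKLM:\SOFTWARE\Ipswitch\WS_FTP Server holds a string value "Version".

$FixedVersion = [version]'8.8.2'
$RegPath      = 'HKLM:\SOFTWARE\Ipswitch\WS_FTP Server'

function Get-WsFtpServerVersion {
    param([string]$Path = $RegPath)
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.PSObject.Properties['Version']) {
        return $null                       # key or value missing: cannot determine version
    }
    # Keep only the leading dotted-numeric part so a suffix such as "(build 123)" still parses.
    $m = [regex]::Match([string]$item.Version, '^\d+(\.\d+)+')
    if (-not $m.Success) { return $null }
    return [version]$m.Value
}

function Test-WsFtpServerPatched {
    param([version]$Installed, [version]$Fixed = $FixedVersion)
    if ($null -eq $Installed) { return $null }   # unknown rather than a false "patched"
    return ($Installed -ge $Fixed)
}

$installed = Get-WsFtpServerVersion
$patched   = Test-WsFtpServerPatched -Installed $installed

if ($null -eq $patched) {
    "Could not read a version from $RegPath; check Help > About in the Management Console."
} elseif ($patched) {
    "WS_FTP Server $installed is at or above $FixedVersion; CVE-2023-40047 is fixed."
} else {
    "WS_FTP Server $installed is below $FixedVersion; upgrade to 8.8.2 or later."
}
```

The unreadable-version case deliberately reports "unknown" instead of "patched", so a host where the key is missing (for example a non-standard install location) is not silently counted as fixed.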

📡 Detection & Monitoring

Log Indicators:

  • Unusual SSL certificate import activities
  • Multiple failed login attempts followed by certificate imports

Network Indicators:

  • Unexpected JavaScript execution in management interface traffic

SIEM Query:

source="ws_ftp_logs" AND (event="certificate_import" OR event="ssl_update")
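The two log indicators above can be correlated outside the SIEM as well. The following PowerShell is an added example and not from the advisory; it lists every certificate import or SSL update (the same events the SIEM query selects) and flags those preceded by repeated failed logins for the same account. The log line format (timestamp,user,event,source_ip) and the sample lines are constructed for illustration; map the columns of your real WS_FTP Server log export onto them.

```powershell
# Added example (not from the advisory): flag certificate imports that follow a burst
# of failed logins by the same user. Log format and sample lines are CONSTRUCTED.

$SampleLog = @'
2023-09-27T10:00:01Z,alice,login_failed,203.0.113.5
2023-09-27T10:00:09Z,alice,login_failed,203.0.113.5
2023-09-27T10:00:20Z,alice,login_failed,203.0.113.5
2023-09-27T10:01:02Z,alice,login_success,203.0.113.5
2023-09-27T10:03:45Z,alice,certificate_import,203.0.113.5
2023-09-27T11:15:00Z,bob,login_success,192.0.2.10
2023-09-27T11:20:00Z,bob,ssl_update,192.0.2.10
'@

function Find-SuspiciousCertImports {
    param(
        [string]$LogText,
        [int]$FailedThreshold = 3,     # failed logins needed before an import is flagged
        [int]$WindowMinutes   = 15     # look-back window measured from the import event
    )

    # Parse each non-empty line into a typed event object.
    $events = $LogText -split "`r?`n" | Where-Object { $_ } | ForEach-Object {
        $t, $u, $e, $ip = $_ -split ','
        [pscustomobject]@{
            Time  = [datetimeoffset]::Parse($t)
            User  = $u
            Event = $e
            Ip    = $ip
        }
    }

    # Every import/update is reported for audit; the Flagged column carries the correlation.
    $imports = $events | Where-Object { $_.Event -in 'certificate_import', 'ssl_update' }
    foreach ($imp in $imports) {
        $windowStart = $imp.Time.AddMinutes(-$WindowMinutes)
        $failures = @($events | Where-Object {
            $_.User -eq $imp.User -and $_.Event -eq 'login_failed' -and
            $_.Time -ge $windowStart -and $_.Time -lt $imp.Time
        }).Count

        [pscustomobject]@{
            Time              = $imp.Time
            User              = $imp.User
            Event             = $imp.Event
            SourceIp          = $imp.Ip
            PriorFailedLogins = $failures
            Flagged           = ($failures -ge $FailedThreshold)
        }
    }
}

# With the constructed sample: alice's import is flagged (3 failures in the window),
# bob's ssl_update is listed for audit but not flagged.
Find-SuspiciousCertImports -LogText $SampleLog | Format-Table -AutoSize
```

Every import is emitted, not only the flagged ones, because the advisory's "audit imported certificates" guidance needs the full list; the threshold and window are parameters so they can be tuned to the normal failed-login noise of your environment.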
