CVEs-PoC/2020/CVE-2020-27735.md

### [CVE-2020-27735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27735)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.

### POC

#### Reference
- https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates