CVE Catalog

CVE-2026-22895

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Summary

A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. A remote attacker with an administrator account can exploit this vulnerability to bypass security mechanisms or read application data.

Risk Assessment

The organization may be exposed to unauthorized access to data and the potential for application manipulation, leading to serious security consequences.

Recommendation

It is recommended to update QuFTP Service to version 1.4.3 or later, 1.5.2 or later, or 1.6.2 or later to mitigate this vulnerability.

Original NVD description (English source)

A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later

Vulnerability data from NVD (NIST) · CISA KEV · EPSS