CVE-2026-22895

| EUVD-2026-13714 LOW
2026-03-20 qnap
2.2
CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 20, 2026 - 16:30 euvd
EUVD-2026-13714
Analysis Generated
Mar 20, 2026 - 16:30 vuln.today
CVE Published
Mar 20, 2026 - 16:21 nvd
LOW 2.2

Tags

XSS

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later

Analysis

A cross-site scripting (XSS) vulnerability exists in QuFTP Service that allows authenticated remote attackers with administrator credentials to bypass security mechanisms and read application data. The vulnerability affects multiple versions of QuFTP Service across different release branches (1.4.x, 1.5.x, and 1.6.x prior to specified patch versions). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

During next maintenance window: Apply vendor patches when convenient. Verify cross-site scripting controls are in place.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

11
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +11
POC: 0

Share

CVE-2026-22895 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy