Home
LOW: 2.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:UDefault status
unaffected
1.4.x (custom) before 1.4.3
affected
1.5.x (custom) before 1.5.2
affected
1.6.x (custom) before 1.6.2
affected
Description
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later
Problem types
Product status
1.4.x (custom) before 1.4.3
1.5.x (custom) before 1.5.2
1.6.x (custom) before 1.6.2
Credits
Milan Solanki (LeoSecurity)
References
www.qnap.com/en/security-advisory/qsa-26-15