CVE-2026-22895
MediumCVSS 4.8Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. A remote attacker with an administrator account can exploit this vulnerability to bypass security mechanisms or read application data.
Risk Assessment
The organization may be exposed to unauthorized access to data and the potential for application manipulation, leading to serious security consequences.
Recommendation
It is recommended to update QuFTP Service to version 1.4.3 or later, 1.5.2 or later, or 1.6.2 or later to mitigate this vulnerability.
Original NVD description (English source)
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later

