An issue exists in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.
This repository holds the advisory for CVE-2020-14294.
CVE-2020-14294
This vulnerability was discovered and disclosed by me. This repository will hold the advisory.
This repository is only for educational purposes.
Links
Advisory SYSS-2020-024
Detailed writeup
SySS Blog entry
Vendor notice
MITRE Entry
NVD Entry