Published: 02/10/2020 Updated: 08/10/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.

Vulnerable Product	Search on Vulmon	Subscribe to Product
secudos qiata fta

Qiata FTA versions 17019 and below suffer from a cross site scripting vulnerability ...

Full Disclosure mailing list archives   By Date By Thread </form>    [SYSS-2020-024] Qiata FTA - Persistent Cross-Site Scripting   Fro ...

This repository holds the advisory of the CVE-2020-14294

CVE-2020-14294 This vulnerablity was discovered and disclosed by me This repository will hold the advisory This repository is only for educational purposes Links Advisory SYSS-2020-024 Detailed writeup SySS Blog entry Vendor notice MITRE Entry NVD Entry

CWE-79 https://github.com/patrickhener/CVE-2020-14294 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata http://seclists.org/fulldisclosure/2020/Sep/50 https://www.qiata.com https://nvd.nist.gov https://github.com/patrickhener/CVE-2020-14294 http://seclists.org/fulldisclosure/2020/Sep/50

CVE-2020-14294

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect