CVE-2020-14294

MEDIUM

Secudos Qiata FTA < 1.70.19 - Stored Cross-Site Scripting via Comment Feature


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14294. PoCs published by patrickhener.

AI-analyzed exploit summary: This repository contains advisory information and links related to CVE-2020-14294, a vulnerability discovered and disclosed by the author. It does not include exploit code but provides references to external advisories and writeups.

Description

An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.

Exploits (1)

nomisec WRITEUP
by patrickhener · poc
https://github.com/patrickhener/CVE-2020-14294

Classification: Writeup 100%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Qiata file transfer solution (version not specified)
No auth needed
Prerequisites: Access to the advisory or writeup links
mistral-large-3 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory x_refsource_misc
https://github.com/patrickhener/CVE-2020-14294
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2020/Sep/50
Product, Vendor Advisory x_refsource_misc
https://www.qiata.com

Scores

CVSS v3 6.1
EPSS 0.0123
EPSS Percentile 65.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): secudos/qiata_fta < 1.70.19
Published: Oct 02, 2020
Tracked Since: Feb 18, 2026