Home / Vulnerability Intelligence / CVE-2026-30695

CVE-2026-30695 - Vulnerability Analysis

N/a

Last Updated: March 18, 2026

Zucchetti Axess - Stored XSS

Published: March 18, 2026Updated: March 18, 2026PoC Available

Overview

Zucchetti Axess access control devices contain a stored XSS caused by improper sanitization of user input in the dirBrowse parameter of /file_manager.cgi, letting remote attackers execute scripts, exploit requires crafted request.

Severity & Score

Severity: N/a

Impact

Remote attackers can execute arbitrary scripts in users' browsers, potentially leading to session hijacking or unauthorized actions.

Mitigation

Update to the latest version with the vulnerability fixed.

References

http://firmware.com
http://zucchetti.com
https://github.com/iremnurylmz/CVE-2026-30695

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-30695
Severity: N/a
Type: stored_xss
Status: new

CVSS Metrics

N/A