Zucchetti · Zucchetti Axess X3/X3Bio · CVE-2026-30695
**Name of the Vulnerable Software and Affected Versions**
Zucchetti Axess access control devices: XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+ (affected versions not specified)
**Description**
A Cross-Site Scripting (XSS) issue exists in the web-based configuration interface of Zucchetti Axess access control devices. The issue is due to insufficient input sanitization of the `dirBrowse` parameter within the `/file manager.cgi` API endpoint.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
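
With no fixed version announced, one compensating check is to review web access logs for requests whose `dirBrowse` value is not a plain path. The following is an added example, not part of the advisory or of any vendor code. It assumes the parameter travels in the query string, that legitimate values are plain directory paths, and that a combined-format access log is available (for instance from a reverse proxy in front of the device); `/EXAMPLE.cgi` and the log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate dirBrowse value is a plain directory path.
PLAIN_PATH = re.compile(r"[A-Za-z0-9_./ -]*")
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines; /EXAMPLE.cgi is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] '
    '"GET /EXAMPLE.cgi?dirBrowse=/mnt/data/logs HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2026:10:00:05 +0000] '
    '"GET /EXAMPLE.cgi?dirBrowse=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2026:10:00:09 +0000] '
    '"GET /EXAMPLE.cgi?dirBrowse=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2026:10:00:12 +0000] '
    '"GET /index.html HTTP/1.1" 200 100',
]


def dirbrowse_values(target):
    """Return the URL-decoded dirBrowse values of a request target."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("dirBrowse", [])


def is_plain_path(value):
    """True only if the decoded value consists of path characters alone.
    A leftover '%' (double encoding) fails the allowlist as well."""
    return PLAIN_PATH.fullmatch(value) is not None


def flag_lines(log_lines):
    """Return the log lines whose dirBrowse value is not a plain path."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        values = dirbrowse_values(match.group(1))
        if any(not is_plain_path(v) for v in values):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for line in flag_lines(SAMPLE_LOG):
        print(line)
```

The allowlist is deliberately strict: it reports anything that is not a simple path rather than trying to enumerate markup patterns, so tune the permitted characters to the paths actually used on the device.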