CVE-2017-13072 — Cross-site Scripting in Qnap APP Center IN QTS

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 49.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap APP Center IN QTS Qnap QTS

Timeline

PublishedJun 21

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5qnap/app_center_in_qtsApp Center in QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions

▶NVDqnap/qts4.2.6, 4.3.3, 4.3.4+2

🔴Vulnerability Details

GHSA

GHSA-9jm2-65cq-2572: Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4↗2022-05-14

▶

CVEList

CVE-2017-13072: Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4↗2018-06-21

▶