CVE-2018-0716Cross-site Scripting in Qnap Qsync Central

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 49.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Qsync CentralQnap QTS
Timeline
PublishedNov 30
Latest updateMay 14

Description

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5qnap/qsync_centralQTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions
NVDqnap/qts4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-c872-gw93-ggqw: Cross-site scripting vulnerability in QTS 42022-05-14
CVEList
CVE-2018-0716: Cross-site scripting vulnerability in QTS 42018-11-30
CVE-2018-0716 — Cross-site Scripting in Qnap | cvebase