CVE-2018-0719Cross-site Scripting in Systems INC QTS

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 54.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QTSQnap QTS
Timeline
PublishedNov 27
Latest updateMay 13

Description

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages2 packages

CVEListV5qnap_systems_inc/qtsunspecified4.2.6+2
NVDqnap/qts4.2.6, 4.3.3, 4.3.4+2

🔴Vulnerability Details

2
GHSA
GHSA-j24j-rq5h-pr59: Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc2022-05-13
CVEList
Security Advisory for Vulnerabilities in QTS2018-11-27
CVE-2018-0719 — Cross-site Scripting in Systems INC QTS | cvebase