CVE-2018-19951

CWE-79Cross-site Scripting (XSS)CWE-803 documents3 sources
Severity
6.1MEDIUM
EPSS
0.3%
top 49.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Music StationQnap Music Station
Timeline
PublishedNov 2
Latest updateMay 24

Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5qnap_systems_inc./music_stationunspecified5.1.13+2
NVDqnap/music_station5.3.05.3.11+2

🔴Vulnerability Details

2
GHSA
GHSA-4v82-25rx-c86g: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code2022-05-24
CVEList
CVE-2018-19951: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code2020-11-02
CVE-2018-19951 (MEDIUM CVSS 6.1) | If exploited | cvebase.io