CVE-2019-7184Cross-site Scripting in Qnap Video Station

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 56.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap Video Station
Timeline
PublishedDec 5
Latest updateMay 24

Description

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

NVDqnap/video_station< 5.4.3+1

🔴Vulnerability Details

2
GHSA
GHSA-98f4-whjp-x56x: This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator�s management2022-05-24
CVEList
CVE-2019-7184: This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management2019-12-05
CVE-2019-7184 — Cross-site Scripting in Qnap | cvebase