CVE-2019-7185

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 56.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Music Station

Timeline

PublishedDec 5

Latest updateMay 24

Description

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDqnap/music_station< 5.3.5+2

▶CVEListV5qnap_nas_devices_running_music_stationQTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6 - QTS 4.4.0: Music Station before version 5.2.7, QTS 4.3.0 - QTS 4.3.4: Music Station before version 5.1.11

🔴Vulnerability Details

GHSA

GHSA-c4gw-w6f2-29hh: This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator�s management↗2022-05-24

▶

CVEList

CVE-2019-7185: This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management↗2019-12-05

▶