CVE-2019-7197 — Cross-site Scripting in Qnap QTS

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 46.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap QTS

Timeline

PublishedDec 4

Latest updateMay 24

Description

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDqnap/qts5 versions+4

🔴Vulnerability Details

GHSA

GHSA-f8vw-827h-ffmp: A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS↗2022-05-24

▶

CVEList

CVE-2019-7197: A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS↗2019-12-04

▶