CVE-2021-38674
Published 2022-01-07
Priority: P4 · 26 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.64% (46.0th percentile)
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud:

- QuTS hero h4.5.4.1771 build 20210825 and later
- QTS 4.5.4.1787 build 20210910 and later
- QuTScloud c4.5.7.1864 and later
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | < 4.5.4.1787 | 4.5.4.1787 |
| qnap | quts_hero | < h4.5.4.1771 | h4.5.4.1771 |
| qnap | qutscloud | < c4.5.7.1864 | c4.5.7.1864 |
| qnap_systems_inc | qts | >= unspecified < 4.5.4.1787 build 20210910 | 4.5.4.1787 build 20210910 |
| qnap_systems_inc | quts_hero | >= unspecified < h4.5.4.1771 build 20210825 | h4.5.4.1771 build 20210825 |
| qnap_systems_inc | qutscloud | >= unspecified < c4.5.7.1864 | c4.5.7.1864 |
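CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |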
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.