CVE-2021-38674Cross-site Scripting in Systems INC Quts Hero

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA4.2
EPSS
0.3%
top 47.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems INC QTSQnap Systems INC Quts HeroQnap Systems INC Qutscloud+3 more
Timeline
PublishedJan 7
Latest updateJan 8

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

NVDqnap/quts_hero< h4.5.4.1771
NVDqnap/qutscloud< c4.5.7.1864
CVEListV5qnap_systems_inc/quts_herounspecifiedh4.5.4.1771 build 20210825
CVEListV5qnap_systems_inc/qutscloudunspecifiedc4.5.7.1864
NVDqnap/qts< 4.5.4.1787

🔴Vulnerability Details

2
GHSA
GHSA-6m9q-p58f-wq5w: A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud2022-01-08
CVEList
Reflected XSS Vulnerability in TFTP2022-01-07
CVE-2021-38674 — Cross-site Scripting | cvebase