CVE-2021-38677Cross-site Scripting in Systems INC Qcalagent

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA5.3
EPSS
0.3%
top 44.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QcalagentQnap Qcalagent
Timeline
PublishedJan 14
Latest updateJan 15

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDqnap/qcalagent< 1.1.7
CVEListV5qnap_systems_inc/qcalagentunspecified1.1.7

🔴Vulnerability Details

2
GHSA
GHSA-63xm-g7fg-g945: A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent2022-01-15
CVEList
Reflected XSS Vulnerability in QcalAgent2022-01-14
CVE-2021-38677 — Cross-site Scripting | cvebase