CVE-2021-44053Cross-site Scripting in Systems INC QTS

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA5.7
EPSS
0.4%
top 37.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems INC QTSQnap Systems INC Quts HeroQnap Systems INC Qutscloud+3 more
Timeline
PublishedMay 5
Latest updateMay 6

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

NVDqnap/quts_heroh5.0.0.1772h5.0.0.1986+1
CVEListV5qnap_systems_inc/quts_herounspecifiedh5.0.0.1986 build 20220324+1
NVDqnap/qutscloud< c5.0.1.1998
CVEListV5qnap_systems_inc/qutscloudunspecifiedc5.0.1.1949
NVDqnap/qts5.0.0.17165.0.0.1986+5

🔴Vulnerability Details

2
GHSA
GHSA-4j97-5qqj-cqrr: A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud2022-05-06
CVEList
Reflected XSS2022-05-05
CVE-2021-44053 — Cross-site Scripting | cvebase