CVE-2023-23354

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
8.7HIGH
EPSS
0.2%
top 55.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Qulog CenterQnap Qulog Center
Timeline
PublishedDec 19

Description

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:NExploitability: 2.1 | Impact: 5.2

Affected Packages2 packages

CVEListV5qnap_systems_inc./qulog_center1.5.x.x1.5.0.738 ( 2023/03/06 )+2
NVDqnap/qulog_center< 1.5.0.738+2

🔴Vulnerability Details

2
CVEList
QuLog Center2024-12-19
GHSA
GHSA-3xqq-74gp-f73g: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions2024-12-19
CVE-2023-23354 (HIGH CVSS 8.7) | A cross-site scripting (XSS) vulner | cvebase.io