CVE-2023-23357

Severity: 4.8 MEDIUM
EPSS: 0.1% (top 64.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 19

Description

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.

We have already fixed the vulnerability in the following versions:

- QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
- QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
- QuLog Center 1.3.1.645 ( 2023/02/22 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | qnap_systems_inc./qulog_center | 1.5.x.x | 1.5.0.738 ( 2023/03/06 ) | +2
NVD | qnap/qulog_center | < 1.5.0.738 | +2

Vulnerability Details (2)

GHSA | GHSA-77mp-jg87-qc6g: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions | 2024-12-19
CVEList | QuLog Center | 2024-12-19
CVE-2023-23357 (MEDIUM CVSS 4.8) | A cross-site scripting (XSS) vulner | cvebase.io