CVE-2023-23357
published 2024-12-19CVE-2023-23357: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qulog_center | < 1.5.0.738 | 1.5.0.738 |
| qnap | qulog_center | < 1.3.1.645 | 1.3.1.645 |
| qnap | qulog_center | < 1.4.1.691 | 1.4.1.691 |
| qnap_systems_inc | qulog_center | >= 1.3.x.x < 1.3.1.645 ( 2023/02/22 ) | 1.3.1.645 ( 2023/02/22 ) |
| qnap_systems_inc | qulog_center | >= 1.4.x.x < 1.4.1.691 ( 2023/03/01 ) | 1.4.1.691 ( 2023/03/01 ) |
| qnap_systems_inc | qulog_center | >= 1.5.x.x < 1.5.0.738 ( 2023/03/06 ) | 1.5.0.738 ( 2023/03/06 ) |