cbcvebase.
CVE-2023-32969
published 2024-03-08

CVE-2023-32969: A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated…

PriorityP421medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.33%
25.2th percentile
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later

Affected

8 ranges
VendorProductVersion rangeFixed in
qnapqts
qnapqts>= 5.1.0 < 5.1.4.25965.1.4.2596
qnapquts_hero
qnapquts_hero>= h5.1.0 < h5.1.4.2596h5.1.4.2596
qnapqutscloud>= c5.0.0.1919 < c5.1.5.2651c5.1.5.2651
qnap_systems_incqts>= 5.1.x < 5.1.4.2596 build 202311285.1.4.2596 build 20231128
qnap_systems_incquts_hero>= h5.1.x < h5.1.4.2596 build 20231128h5.1.4.2596 build 20231128
qnap_systems_incqutscloud>= c5.x.x < c5.1.5.2651c5.1.5.2651
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.