CVE-2023-32969 — Cross-site Scripting in Systems INC Quts Hero

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

CNA4.9

EPSS

0.2%

top 63.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap Systems INC Qutscloud +3 more

Timeline

PublishedMar 8

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages6 packages

▶NVDqnap/quts_heroh5.1.0 — h5.1.4.2596+1

▶NVDqnap/qutscloudc5.0.0.1919 — c5.1.5.2651

▶CVEListV5qnap_systems_inc/quts_heroh5.1.x — h5.1.4.2596 build 20231128

▶CVEListV5qnap_systems_inc/qutscloudc5.x.x — c5.1.5.2651

▶NVDqnap/qts5.1.0 — 5.1.4.2596+1

🔴Vulnerability Details

CVEList

Network & Virtual Switch↗2024-03-08

▶

GHSA

GHSA-j32g-85qg-wf4w: A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch↗2024-03-08

▶