CVE-2024-27122

CWE-79Cross-site Scripting (XSS)CWE-15CWE-5655 documents5 sources
Severity
5.4MEDIUM
EPSS
0.9%
top 24.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Notes Station 3Qnap Notes Station 3
Timeline
PublishedSep 6

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:NExploitability: 2.1 | Impact: 4.2

Affected Packages2 packages

NVDqnap/notes_station_33.9.03.9.6
CVEListV5qnap_systems_inc./notes_station_33.9.x3.9.6

🔴Vulnerability Details

4
CVEList
Notes Station 32024-09-06
GHSA
GHSA-m3pg-3mfc-5r65: A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 32024-09-06
OSV
CVE-2024-21583 in github.com/gitpod-io/gitpod2024-07-22
GHSA
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing2024-07-19
CVE-2024-27122 (MEDIUM CVSS 5.4) | A cross-site scripting (XSS) vulner | cvebase.io