CVE-2024-27122
published 2024-09-06CVE-2024-27122: A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
Notes Station 3 3.9.6 and later
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gitpod-io_gitpod | 0 – 0.8.0 | — |
| qnap | notes_station_3 | >= 3.9.0 < 3.9.6 | 3.9.6 |
| qnap_systems_inc | notes_station_3 | >= 3.9.x < 3.9.6 | 3.9.6 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv4.1MEDIUM