CVE-2024-27126
published 2024-09-06CVE-2024-27126: A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
Notes Station 3 3.9.6 and later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | notes_station_3 | >= 3.9.0 < 3.9.6 | 3.9.6 |
| qnap_systems_inc | notes_station_3 | >= 3.9.x < 3.9.6 | 3.9.6 |