CVE-2025-22483

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 77.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. License CenterQnap License Center
Timeline
PublishedAug 29

Description

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and later License Center 1.9.51 and later

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

Affected Packages2 packages

CVEListV5qnap_systems_inc./license_center1.8.x1.8.51+1
NVDqnap/license_center1.8.171.8.51+1

🔴Vulnerability Details

2
GHSA
GHSA-556x-fx4f-2hgg: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions2025-08-29
CVEList
License Center2025-08-29
CVE-2025-22483 (HIGH CVSS 7.1) | A cross-site scripting (XSS) vulner | cvebase.io