CVE-2025-54168
published 2025-11-07CVE-2025-54168: A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit…
low2.2CVSS 4.0
AVNACLATNPRHUIPVCNVINVANSCHSIHSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
QuLog Center 1.8.2.923 ( 2025/08/27 ) and later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qulog_center | >= 1.8.0.872 < 1.8.2.923 | 1.8.2.923 |
| qnap_systems_inc | qulog_center | >= 1.8.x.x < 1.8.2.923 ( 2025/08/27 ) | 1.8.2.923 ( 2025/08/27 ) |