CVE-2025-58465

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
2.2LOW
EPSS
0.1%
top 84.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Download StationQnap Download Station
Timeline
PublishedNov 7

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Affected Packages2 packages

NVDqnap/download_station5.10.0.2915.10.0.305+1
CVEListV5qnap_systems_inc./download_station5.10.x5.10.0.305 ( 2025/09/16 )+1

🔴Vulnerability Details

2
GHSA
GHSA-g6vp-qx8j-gqr4: A cross-site scripting (XSS) vulnerability has been reported to affect Download Station2025-11-07
CVEList
Download Station2025-11-07
CVE-2025-58465 (LOW CVSS 2.2) | A cross-site scripting (XSS) vulner | cvebase.io