CVE-2025-62857 — Cross-site Scripting in Systems INC Qumagie

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

2.2LOWNVD

EPSS

0.1%

top 72.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qumagie Qnap Qumagie

Timeline

PublishedJan 2

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N

Affected Packages2 packages

▶NVDqnap/qumagie2.0.0 — 2.8.1

▶CVEListV5qnap_systems_inc/qumagie2.x — 2.8.1

🔴Vulnerability Details

CVEList

QuMagie↗2026-01-02

▶

GHSA

GHSA-mwv4-qf7c-vfg5: A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie↗2026-01-02

▶