Qnap Download Station vulnerabilities
3 known vulnerabilities affecting qnap/download_station.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1LOW2
Vulnerabilities
Page 1 of 1
CVE-2025-58465LOWCVSS 2.2v5.10.0.291≥ 5.10.0.291, < 5.10.0.3052025-11-07
CVE-2025-58465 [LOW] CWE-79 CVE-2025-58465: A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
Download Station 5.10.0.305 ( 2025/09/16 ) and later
Downlo
nvd
CVE-2025-58463LOWCVSS 2.3v5.10.0.291≥ 5.10.0.291, < 5.10.0.3052025-11-07
CVE-2025-58463 [LOW] CWE-23 CVE-2025-58463: A relative path traversal vulnerability has been reported to affect Download Station. If a remote at
A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
Download Station 5.10.0.305 ( 2025/09/16 ) and late
nvd
CVE-2024-38640HIGHCVSS 7.0≥ 5.8.0, < 5.8.6.2832024-09-06
CVE-2024-38640 [HIGH] CWE-79 CVE-2024-38640: A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploite
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Download Station 5.8.6.283 ( 2024/06/21 ) and later
nvd