Qnap Qsync Central vulnerabilities

CVE-2024-50404 [MEDIUM] CWE-59 CVE-2024-50404: A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerab A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

CVE-2023-47564 [HIGH] CWE-732 CVE-2023-47564: An incorrect permission assignment for critical resource vulnerability has been reported to affect Q An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central

CVE-2018-0716 [MEDIUM] CWE-79 CVE-2018-0716: Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.