Qnap Qulog Center vulnerabilities

CVE-2025-54168 [LOW] CWE-79 CVE-2025-54168: A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote att A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.923 ( 2025/08/27 ) and later

CVE-2025-58469 [LOW] CWE-352 CVE-2025-58469: A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remo A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later

CVE-2024-53696 [MEDIUM] CWE-918 CVE-2024-53696: A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If expl A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0

CVE-2023-23354 [HIGH] CWE-79 CVE-2023-23354: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/

CVE-2023-23357 [MEDIUM] CWE-79 CVE-2023-23357: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.

CVE-2024-48862 [HIGH] CWE-59 CVE-2024-48862: A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerabi A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 ( 2024/10/15 ) and la

CVE-2024-32762 [HIGH] CWE-79 CVE-2024-32762: A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, t A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later

CVE-2020-36196 [MEDIUM] CWE-80 CVE-2020-36196: A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.