CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

CWE 3 Total

Learn more

CWE-79: CWE-79 Cross-site Scripting (XSS)
CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-749: CWE-749 Exposed Dangerous Method or Function

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
9.0	CRITICAL	3.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

Credits

TIM Security Red Team Research

References 1 Total

https://www.qnap.com/zh-tw/security-advisory/qsa-20-17
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://www.qnap.com/zh-tw/security-advisory/qsa-20-17
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: QNAP Systems, Inc.

Description

CWE 3 Total

CVSS 1 Total

Product Status

Credits

References 1 Total

CVE Program

References 1 Total