CVE-2021-38675 – Stored XSS Vulnerability in Image2PDF

https://notcve.org/view.php?id=CVE-2021-38675

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Image2PDF. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Image2PDF: Image2PDF 2.1.5 (17/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •