CVE-2021-34358 – CSRF Vulnerability in QmailAgent
https://notcve.org/view.php?id=CVE-2021-34358
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QmailAgent: QmailAgent versiones 3.0.2 ( 25/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-49 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-34357 – Reflected XSS Vulnerability in QmailAgent
https://notcve.org/view.php?id=CVE-2021-34357
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta QmailAgent. Si es explotada, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QmailAgent: QmailAgent versión 3.0.2 (25/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •