CVE-2019-7197
https://notcve.org/view.php?id=CVE-2019-7197
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. Ha sido reportado que una vulnerabilidad de tipo cross-site scripting (XSS) almacenado afecta a múltiples versiones de QTS. Si es explotada, esta vulnerabilidad puede permitir a un atacante inyectar y ejecutar scripts en la consola del administrador. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0730
https://notcve.org/view.php?id=CVE-2018-0730
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. Esta vulnerabilidad de inyección de comandos en File Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar QTS a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2018-0729
https://notcve.org/view.php?id=CVE-2018-0729
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de inyección de comandos en Music Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •