Page 19 of 124 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. Vulnerabilidad de scripting entre sitios (XSS) en dispositivos NAS de QNAP Systems Inc. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Music Station en versiones 5.1.2 y anteriores en QNAP QTS 4.3.3 y 4.3.4 podría permitir que atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-14 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Helpdesk en versiones 1.1.21 y anteriores en QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201808-13 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. Vulnerabilidad Cross-Site Scripting (XSS) en App Center en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223 y sus versiones anteriores podría permitir que los atacantes remotos inyecten código JavaScript. • https://www.qnap.com/en/security-advisory/nas-201805-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. Vulnerabilidad de inyección de comandos en LDAP Server en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios o instalen malware en el NAS. • http://www.securitytracker.com/id/1041141 https://www.qnap.com/zh-tw/security-advisory/nas-201806-19 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •