CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34357 – Reflected XSS Vulnerability in QmailAgent
https://notcve.org/view.php?id=CVE-2021-34357
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta QmailAgent. Si es explotada, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QmailAgent: QmailAgent versión 3.0.2 (25/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38675 – Stored XSS Vulnerability in Image2PDF
https://notcve.org/view.php?id=CVE-2021-38675
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Image2PDF. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Image2PDF: Image2PDF 2.1.5 (17/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34356 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34356
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34355 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34355
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al NAS de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 5.4.10 (19/08/2021) y posteriores, Photo Station 5.7.13 (19/08/2021) y posteriores, Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34354 – Stored Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34354
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •