CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-2494 – Cross-site Scripting Vulnerability in Music Station
https://notcve.org/view.php?id=CVE-2020-2494
10 Dec 2020 — This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later Esta vulnerabilidad de tipo cross-site scripting en Music Station permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes ... • https://www.qnap.com/en/security-advisory/qsa-20-13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2019-7198 – Command Injection Vulnerability in QTS and QuTS hero
https://notcve.org/view.php?id=CVE-2019-7198
10 Dec 2020 — This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later Esta vulnerabilidad de inyección de comandos permite a atacantes ejecutar comandos arbitrarios en una aplicación comprometida. QNAP ya ha corregido esta vulnerabilidad en las ... • https://www.qnap.com/en/security-advisory/qsa-20-16 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2491
10 Dec 2020 — This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Stati... • https://www.qnap.com/en/security-advisory/qsa-20-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •