CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2491
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. QTS versión 4.5.1: Photo Station versión 6.0.12 y posterior, QTS versión 4.4.3: Photo Station versión 6.0.12 y posterior, QTS versión 4.3.6: Photo Station versión 5.7.12 y posterior, QTS versión 4.3.4: Photo Station versión 5.7.13 y posterior, QTS versión 4.3.3: Photo Station versión 5.4.10 y posterior, QTS versión 4.2.6: Photo Station versión 5.2.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-20-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2490
https://notcve.org/view.php?id=CVE-2020-2490
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. Si se explotaba, la vulnerabilidad de inyección de comandos podría permitir a atacantes remotos ejecutar comandos arbitrarios. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-09 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2492
https://notcve.org/view.php?id=CVE-2020-2492
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. Si se explotaba, la vulnerabilidad de inyección de comandos podría permitir que atacantes remotos ejecutar comandos arbitrarios. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-09 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-19952
https://notcve.org/view.php?id=CVE-2018-19952
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Si es explotada, esta vulnerabilidad de inyección SQL podría permitir a atacantes remotos obtener información de la aplicación. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-10 • CWE-20: Improper Input Validation CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-19951
https://notcve.org/view.php?id=CVE-2018-19951
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Si es explotada, esta vulnerabilidad de secuencias de comandos entre sitios podría permitir a atacantes remotos inyectar código malicioso. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •