CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34360 – CSRF Bypass in Proxy Server
https://notcve.org/view.php?id=CVE-2021-34360
26 May 2022 — A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later Se ha informado de una vulnerabilidad de tipo cross-si... • https://www.qnap.com/en/security-advisory/qsa-22-18 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34361 – Reflected XSS Vulnerability in Proxy Server
https://notcve.org/view.php?id=CVE-2021-34361
25 Feb 2022 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Proxy Server. Si es explotado, esta vulnerabilidad permite a ataca... • https://www.qnap.com/en/security-advisory/qsa-22-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34359 – Stored XSS Vulnerability in Proxy Server
https://notcve.org/view.php?id=CVE-2021-34359
25 Feb 2022 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Proxy Server. Si es explotado, esta vulnerabilidad permite a atacante... • https://www.qnap.com/en/security-advisory/qsa-22-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7635
https://notcve.org/view.php?id=CVE-2017-7635
05 Jun 2018 — QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. El servidor proxy de la aplicación NAS de QNAP hasta la versión 1.2.0 no utiliza protecciones contra Cross-Site Request Forgery (CSRF). • http://www.securitytracker.com/id/1041025 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7636
https://notcve.org/view.php?id=CVE-2017-7636
05 Jun 2018 — Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en el servidor proxy de la aplicación NAS de QNAP hasta la versión 1.2.0 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. • http://www.securitytracker.com/id/1041025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2017-7637
https://notcve.org/view.php?id=CVE-2017-7637
05 Jun 2018 — QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. El servidor proxy de la aplicación NAS de QNAP hasta la versión 1.2.0 permite que los atacantes remotos ejecuten comandos arbitrarios del sistema operativo contra el sistema con privilegios root. • http://www.securitytracker.com/id/1041025 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7639
https://notcve.org/view.php?id=CVE-2017-7639
05 Jun 2018 — QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server. El servidor proxy de la aplicación NAS de QNAP hasta la versión 1.2.0 no autentica las peticiones correctamente. Su explotación con éxito puede provocar el cambio de la configuración del servidor proxy. • http://www.securitytracker.com/id/1041025 • CWE-287: Improper Authentication •