CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28803 – Stored XSS Vulnerability in Q'center
https://notcve.org/view.php?id=CVE-2021-28803
01 Jul 2021 — This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004. Este problema afecta a: QNAP Systems Inc. Q'center versiones anteriores a 1.11.1004 • https://www.qnap.com/zh-tw/security-advisory/qsa-21-31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 2CVE-2021-28807 – Post-Authentication Reflected XSS Vulnerability in Q'center
https://notcve.org/view.php?id=CVE-2021-28807
03 Jun 2021 — A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later Se ha reportado una vul... • https://www.qnap.com/zh-tw/security-advisory/qsa-21-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 62%CPEs: 1EXPL: 8CVE-2018-0706 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0706
11 Jul 2018 — Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. Exposición de información privada en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados accedan a información sensible. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://packetstorm.news/files/id/148579 •
CVSS: 9.0EPSS: 76%CPEs: 1EXPL: 8CVE-2018-0707 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0707
11 Jul 2018 — Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilitie... • https://packetstorm.news/files/id/148579 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 66%CPEs: 1EXPL: 7CVE-2018-0708 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0708
11 Jul 2018 — Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en networking en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulne... • https://packetstorm.news/files/id/148515 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 39%CPEs: 1EXPL: 6CVE-2018-0709 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0709
11 Jul 2018 — Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en date en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://packetstorm.news/files/id/148515 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 24%CPEs: 1EXPL: 6CVE-2018-0710 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0710
11 Jul 2018 — Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en SSH en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://packetstorm.news/files/id/148515 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •