CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41289 – QcalAgent
https://notcve.org/view.php?id=CVE-2023-41289
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a QcalAgent. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versión: QcalAgent 1.1.8 y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-34 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38678 – Open Redirect Vulnerability in QcalAgent
https://notcve.org/view.php?id=CVE-2021-38678
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later Se ha informado de una vulnerabilidad de redireccionamiento abierto que afecta al dispositivo QNAP que ejecuta QcalAgent. Si es explotado, esta vulnerabilidad permite a atacantes redirigir a usuarios a una página no confiable que contiene malware. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QcalAgent: QcalAgent 1.1.7 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-60 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38677 – Reflected XSS Vulnerability in QcalAgent
https://notcve.org/view.php?id=CVE-2021-38677
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta QcalAgent. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QcalAgent: QcalAgent 1.1.7 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •