CVE-2018-19953
QNAP NAS File Station Cross-Site Scripting Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Si es explotada, esta vulnerabilidad de tipo cross-site scripting podría permitir a atacantes remotos inyectar código malicioso. QNAP ya ha corregido el problema en las siguientes versiones de QTS. QTS versión 4.4.2.1231 en build 20200302; QTS versión 4.4.1.1201 en build 20200130; QTS versión 4.3.6.1218 en build 20200214; QTS versión 4.3.4.1190 en build 20200107; QTS versión 4.3.3.1161 en build 20200109; QTS versión 4.2.6 en build 20200109
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-07 CVE Reserved
- 2020-10-28 CVE Published
- 2022-05-24 Exploited in Wild
- 2022-06-14 KEV Due Date
- 2023-11-01 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01 | 2020-11-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | < 4.2.6 Search vendor "Qnap" for product "Qts" and version " < 4.2.6" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.3.1.0013 < 4.3.3.1161 Search vendor "Qnap" for product "Qts" and version " >= 4.3.1.0013 < 4.3.3.1161" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.3.4 < 4.3.4.1190 Search vendor "Qnap" for product "Qts" and version " >= 4.3.4 < 4.3.4.1190" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.3.6 < 4.3.6.1218 Search vendor "Qnap" for product "Qts" and version " >= 4.3.6 < 4.3.6.1218" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.4.0 < 4.4.1.1201 Search vendor "Qnap" for product "Qts" and version " >= 4.4.0 < 4.4.1.1201" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | >= 4.4.2 < 4.4.2.1231 Search vendor "Qnap" for product "Qts" and version " >= 4.4.2 < 4.4.2.1231" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.2.6 Search vendor "Qnap" for product "Qts" and version "4.2.6" | - |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.2.6 Search vendor "Qnap" for product "Qts" and version "4.2.6" | build_20170517 |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.2.6 Search vendor "Qnap" for product "Qts" and version "4.2.6" | build_20190322 |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.2.6 Search vendor "Qnap" for product "Qts" and version "4.2.6" | build_20190730 |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.2.6 Search vendor "Qnap" for product "Qts" and version "4.2.6" | build_20190921 |
Affected
| ||||||
Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.2.6 Search vendor "Qnap" for product "Qts" and version "4.2.6" | build_20191107 |
Affected
|