// For flags

CVE-2018-19953

QNAP NAS File Station Cross-Site Scripting Vulnerability

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Si es explotada, esta vulnerabilidad de tipo cross-site scripting podría permitir a atacantes remotos inyectar código malicioso. QNAP ya ha corregido el problema en las siguientes versiones de QTS. QTS versión 4.4.2.1231 en build 20200302; QTS versión 4.4.1.1201 en build 20200130; QTS versión 4.3.6.1218 en build 20200214; QTS versión 4.3.4.1190 en build 20200107; QTS versión 4.3.3.1161 en build 20200109; QTS versión 4.2.6 en build 20200109

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

*Credits: Independent Security Evaluators
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-12-07 CVE Reserved
  • 2020-10-28 CVE Published
  • 2022-05-24 Exploited in Wild
  • 2022-06-14 KEV Due Date
  • 2023-11-01 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01 2020-11-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 < 4.2.6
Search vendor "Qnap" for product "Qts" and version " < 4.2.6"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 >= 4.3.1.0013 < 4.3.3.1161
Search vendor "Qnap" for product "Qts" and version " >= 4.3.1.0013 < 4.3.3.1161"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 >= 4.3.4 < 4.3.4.1190
Search vendor "Qnap" for product "Qts" and version " >= 4.3.4 < 4.3.4.1190"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 >= 4.3.6 < 4.3.6.1218
Search vendor "Qnap" for product "Qts" and version " >= 4.3.6 < 4.3.6.1218"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 >= 4.4.0 < 4.4.1.1201
Search vendor "Qnap" for product "Qts" and version " >= 4.4.0 < 4.4.1.1201"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 >= 4.4.2 < 4.4.2.1231
Search vendor "Qnap" for product "Qts" and version " >= 4.4.2 < 4.4.2.1231"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
-
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20170517
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20190322
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20190730
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20190921
Affected
Qnap
Search vendor "Qnap"
 Qts
Search vendor "Qnap" for product "Qts"
 4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20191107
Affected