CVE-2023-23372
QTS, QuTS hero
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h4.5.4.2476 build 20230728 and later
Se ha informado que una vulnerabilidad de Cross-Site Scripting (XSS) afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los usuarios inyectar código malicioso a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2425 compilación 20230609 y posteriores QTS 5.1.0.2444 compilación 20230629 y posteriores QTS 4.5.4.2467 compilación 20230718 y posteriores QuTS hero h5.1.0.2424 compilación 20230609 y posteriores QuTS hero h5. 0.1.2515 compilación 20230907 y posteriores QuTS hero h4.5.4.2476 compilación 20230728 y posteriores
*Credits:
YC of the M1QLin security team
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-11 CVE Reserved
- 2023-12-08 CVE Published
- 2023-12-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-63: Cross-Site Scripting (XSS)
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qnap.com/en/security-advisory/qsa-23-40 | 2023-12-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2348 Search vendor "Qnap" for product "Qts" and version "5.1.0.2348" | build_20230325 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2399 Search vendor "Qnap" for product "Qts" and version "5.1.0.2399" | build_20230515 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.1.0.2418 Search vendor "Qnap" for product "Qts" and version "5.1.0.2418" | build_20230603 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2034 Search vendor "Qnap" for product "Qts" and version "5.0.1.2034" | build_20220515 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2079 Search vendor "Qnap" for product "Qts" and version "5.0.1.2079" | build_20220629 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2131 Search vendor "Qnap" for product "Qts" and version "5.0.1.2131" | build_20220820 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2137 Search vendor "Qnap" for product "Qts" and version "5.0.1.2137" | build_20220826 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2145 Search vendor "Qnap" for product "Qts" and version "5.0.1.2145" | build_20220903 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2173 Search vendor "Qnap" for product "Qts" and version "5.0.1.2173" | build_20221001 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2194 Search vendor "Qnap" for product "Qts" and version "5.0.1.2194" | build_20221022 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2234 Search vendor "Qnap" for product "Qts" and version "5.0.1.2234" | build_20221201 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2248 Search vendor "Qnap" for product "Qts" and version "5.0.1.2248" | build_20221215 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2277 Search vendor "Qnap" for product "Qts" and version "5.0.1.2277" | build_20230112 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2346 Search vendor "Qnap" for product "Qts" and version "5.0.1.2346" | build_20230322 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 5.0.1.2376 Search vendor "Qnap" for product "Qts" and version "5.0.1.2376" | build_20230421 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1715 Search vendor "Qnap" for product "Qts" and version "4.5.4.1715" | build_20210630 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1723 Search vendor "Qnap" for product "Qts" and version "4.5.4.1723" | build_20210708 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1741 Search vendor "Qnap" for product "Qts" and version "4.5.4.1741" | build_20210726 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1787 Search vendor "Qnap" for product "Qts" and version "4.5.4.1787" | build_20210910 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1800 Search vendor "Qnap" for product "Qts" and version "4.5.4.1800" | build_20210923 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1892 Search vendor "Qnap" for product "Qts" and version "4.5.4.1892" | build_20211223 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.1931 Search vendor "Qnap" for product "Qts" and version "4.5.4.1931" | build_20220128 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2012 Search vendor "Qnap" for product "Qts" and version "4.5.4.2012" | build_20220419 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2117 Search vendor "Qnap" for product "Qts" and version "4.5.4.2117" | build_20220802 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2280 Search vendor "Qnap" for product "Qts" and version "4.5.4.2280" | build_20230112 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Qts Search vendor "Qnap" for product "Qts" | 4.5.4.2374 Search vendor "Qnap" for product "Qts" and version "4.5.4.2374" | build_20230416 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.1.0.2409 Search vendor "Qnap" for product "Quts Hero" and version "h5.1.0.2409" | build_20230525 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2045 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2045" | build_20220526 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2192 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2192" | build_20221020 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2248 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2248" | build_20221215 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2269 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2269" | build_20230104 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2277 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2277" | build_20230112 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2348 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2348" | build_20230324 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h5.0.1.2376 Search vendor "Qnap" for product "Quts Hero" and version "h5.0.1.2376" | build_20230421 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1771 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1771" | build_20210825 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1800 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1800" | build_20210923 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1813 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1813" | build_20211006 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1848 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1848" | build_20211109 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1892 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1892" | build_20211223 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1951 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1951" | build_20220218 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1971 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1971" | build_20220310 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.1991 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.1991" | build_20220330 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2052 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2052" | build_20220530 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2138 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2138" | build_20220824 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2217 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2217" | build_20221111 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2272 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2272" | build_20230105 |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Quts Hero Search vendor "Qnap" for product "Quts Hero" | h4.5.4.2374 Search vendor "Qnap" for product "Quts Hero" and version "h4.5.4.2374" | build_20230417 |
Affected
| ||||||