[CVE-2018-19953] QNAP NAS File Station Cross-Site Scripting Vulnerability

CISA KEV 정보

취약점명	QNAP NAS File Station Cross-Site Scripting Vulnerability
설명	A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
조치사항	Apply updates per vendor instructions.
랜섬웨어 캠페인 악용	Known
CWE	CWE-79 \| CWE-80
등록일 (KEV)	2022-05-24
조치 기한	2022-06-14
추가 참고	https://nvd.nist.gov/vuln/detail/CVE-2018-19953

NVD 상세 정보

CVSS v3.1: 6.1 MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

설명: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

CWE: CWE-79 | CWE-80 | CWE-79

참조

https://www.qnap.com/zh-tw/security-advisory/qsa-20-01 [Vendor Advisory]
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01 [Vendor Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19953 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2018-19953] QNAP NAS File Station Cross-Site Scripting Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍