CVE-2018-19953
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
28/10/2020
Last modified:
12/03/2025
Description
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 4.2.6 (excluding) | |
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 4.3.1.0013 (including) | 4.3.3.1161 (excluding) |
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 4.3.4 (including) | 4.3.4.1190 (excluding) |
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 4.3.6 (including) | 4.3.6.1218 (excluding) |
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 4.4.0 (including) | 4.4.1.1201 (excluding) |
| cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | 4.4.2 (including) | 4.4.2.1231 (excluding) |
| cpe:2.3:o:qnap:qts:4.2.6:-:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* | ||
| cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page