Lucene search

[email protected]CVE-2018-19943

HistoryOct 28, 2020 - 6:15 p.m.

CVE-2018-19943

2020-10-2818:15:12

CWE-80

CWE-79

[email protected]

web.nvd.nist.gov

818

In Wild

cve-2018-19943

xss

vulnerability

qnap

nas

qts 4.4.2.1270

qts 4.4.1.1261

qts 4.3.6.1263

qts 4.3.4.1282

qts 4.3.3.1252

qts 4.2.6

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Affected configurations

NVD

Node

qnapqtsRange<4.2.6

qnapqtsRange4.3.1.0013–4.3.3.1252

qnapqtsRange4.3.4–4.3.4.1282

qnapqtsRange4.3.6–4.3.6.1263

qnapqtsRange4.4.0–4.4.1.1261

qnapqtsRange4.4.2–4.4.2.1270

qnapqtsMatch4.2.6-

qnapqtsMatch4.2.6build_20170517

qnapqtsMatch4.2.6build_20190322

qnapqtsMatch4.2.6build_20190730

qnapqtsMatch4.2.6build_20190921

qnapqtsMatch4.2.6build_20191107

qnapqtsMatch4.2.6build_20200109

qnapqtsMatch4.2.6build_20200421

qnapqtsMatch4.2.6build_20200611

qnapqtsMatch4.2.6build_20200821

CPENameOperatorVersion
qnap:qtsqnap qtslt4.2.6
qnap:qtsqnap qtslt4.3.3.1252
qnap:qtsqnap qtslt4.3.4.1282
qnap:qtsqnap qtslt4.3.6.1263
qnap:qtsqnap qtslt4.4.1.1261
qnap:qtsqnap qtslt4.4.2.1270

CPE	Name	Operator	Version
qnap:qts	qnap qts	lt	4.2.6
qnap:qts	qnap qts	lt	4.3.3.1252
qnap:qts	qnap qts	lt	4.3.4.1282
qnap:qts	qnap qts	lt	4.3.6.1263
qnap:qts	qnap qts	lt	4.4.1.1261
qnap:qts	qnap qts	lt	4.4.2.1270

CNA Affected

[
  {
    "platforms": [
      "build 20200410"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.2.1270",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200330"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.1.1261",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.6.1263",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200408"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.4.1282",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200409"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.3.1252",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200421"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]