CVE-2018-19953

🗓️ 28 Oct 2020 17:55:18Reported by qnapType

CVE-2018-19953 fixed in QNAP QTS version

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2018-19953	28 Oct 202000:00	–	attackerkb
Circl	CVE-2018-19953	8 Jun 202008:30	–	circl
CISA KEV Catalog	QNAP NAS File Station Cross-Site Scripting Vulnerability	24 May 202200:00	–	cisa_kev
CNVD	QNAP Systems TS-870 Cross-Site Scripting Vulnerability	5 Nov 202000:00	–	cnvd
Check Point Advisories	QNAP FileStation Cross Site Scripting (CVE-2018-19953)	7 Jun 202200:00	–	checkpoint_advisories
Cvelist	CVE-2018-19953	28 Oct 202017:55	–	cvelist
NVD	CVE-2018-19953	28 Oct 202018:15	–	nvd
OpenVAS	QNAP QTS Multiple Vulnerabilities (QSA-20-01)	26 Jun 202000:00	–	openvas
OSV	CVE-2018-19953	28 Oct 202018:15	–	osv
Prion	Cross site scripting	28 Oct 202018:15	–	prion

NVD

Node

qnap qtsRange<4.2.6

qnap qtsRange4.3.1.0013–4.3.3.1161

qnap qtsRange4.3.4–4.3.4.1190

qnap qtsRange4.3.6–4.3.6.1218

qnap qtsRange4.4.0–4.4.1.1201

qnap qtsRange4.4.2–4.4.2.1231

qnap qtsMatch4.2.6-

qnap qtsMatch4.2.6build_20170517

qnap qtsMatch4.2.6build_20190322

qnap qtsMatch4.2.6build_20190730

qnap qtsMatch4.2.6build_20190921

qnap qtsMatch4.2.6build_20191107

[
  {
    "platforms": [
      "build 20200302"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.2.1231",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200130"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.4.1.1201",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200214"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.6.1218",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200107"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.4.1190",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "build 20200109"
    ],
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.3.3.1161",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/zh-tw/security-advisory/qsa-20-01
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

03 Nov 2025 15:07Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.31524

SSVC

cve-2018-19953 cross-site scripting vulnerability qnap qts security fix remote code injection