Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-38674
HistoryJan 07, 2022 - 2:15 a.m.

CVE-2021-38674

2022-01-0702:15:07
CWE-79
[email protected]
web.nvd.nist.gov
36
cve-2021-38674
xss
qts
quts hero
qutscloud
nvd
security vulnerability
remote code injection
patch
update

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

42.6%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later

Affected configurations

NVD
Node
qnapqtsRange<4.5.4.1787
OR
qnapquts_heroRange<h4.5.4.1771
OR
qnapqutscloudRange<c4.5.7.1864

CNA Affected

[
  {
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h4.5.4.1771 build 20210825",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.5.4.1787 build 20210910",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c4.5.7.1864",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

openvas 3
cvelist 1
nvd 1
prion 1
cnvd 1
openvas
openvas
QNAP QuTScloud XSS Vulnerability (QSA-21-63)
2022-05-27 00:00:00
QNAP QTS XSS Vulnerability (QSA-21-63)
2022-01-11 00:00:00
QNAP QuTS hero XSS Vulnerability (QSA-21-63)
2022-05-30 00:00:00
cvelist
cvelist
CVE-2021-38674 Reflected XSS Vulnerability in TFTP
2022-01-06 00:00:00
nvd
nvd
CVE-2021-38674
2022-01-07 02:15:07
prion
prion
Cross site scripting
2022-01-07 02:15:00
cnvd
cnvd
QNAP Systems QUTS Hero Cross-Site Scripting Vulnerability
2022-01-07 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

42.6%

JSON
Related for CVE-2021-38674
openvas3cvelist1nvd1prion1cnvd1