Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-23372
HistoryDec 08, 2023 - 4:15 p.m.

CVE-2023-23372

2023-12-0816:15:15
CWE-79
[email protected]
web.nvd.nist.gov
12
cve-2023-23372
cross-site scripting
xss
qnap
vulnerability
security
network
injection
nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h4.5.4.2476 build 20230728 and later

Affected configurations

NVD
Node
qnapqtsMatch5.1.0.2348build_20230325
OR
qnapqtsMatch5.1.0.2399build_20230515
OR
qnapqtsMatch5.1.0.2418build_20230603
Node
qnapqtsMatch5.0.1.2034build_20220515
OR
qnapqtsMatch5.0.1.2079build_20220629
OR
qnapqtsMatch5.0.1.2131build_20220820
OR
qnapqtsMatch5.0.1.2137build_20220826
OR
qnapqtsMatch5.0.1.2145build_20220903
OR
qnapqtsMatch5.0.1.2173build_20221001
OR
qnapqtsMatch5.0.1.2194build_20221022
OR
qnapqtsMatch5.0.1.2234build_20221201
OR
qnapqtsMatch5.0.1.2248build_20221215
OR
qnapqtsMatch5.0.1.2277build_20230112
OR
qnapqtsMatch5.0.1.2346build_20230322
OR
qnapqtsMatch5.0.1.2376build_20230421
Node
qnapqtsMatch4.5.4.1715build_20210630
OR
qnapqtsMatch4.5.4.1723build_20210708
OR
qnapqtsMatch4.5.4.1741build_20210726
OR
qnapqtsMatch4.5.4.1787build_20210910
OR
qnapqtsMatch4.5.4.1800build_20210923
OR
qnapqtsMatch4.5.4.1892build_20211223
OR
qnapqtsMatch4.5.4.1931build_20220128
OR
qnapqtsMatch4.5.4.2012build_20220419
OR
qnapqtsMatch4.5.4.2117build_20220802
OR
qnapqtsMatch4.5.4.2280build_20230112
OR
qnapqtsMatch4.5.4.2374build_20230416
Node
qnapquts_heroMatchh5.1.0.2409build_20230525
Node
qnapquts_heroMatchh5.0.1.2045build_20220526
OR
qnapquts_heroMatchh5.0.1.2192build_20221020
OR
qnapquts_heroMatchh5.0.1.2248build_20221215
OR
qnapquts_heroMatchh5.0.1.2269build_20230104
OR
qnapquts_heroMatchh5.0.1.2277build_20230112
OR
qnapquts_heroMatchh5.0.1.2348build_20230324
OR
qnapquts_heroMatchh5.0.1.2376build_20230421
Node
qnapquts_heroMatchh4.5.4.1771build_20210825
OR
qnapquts_heroMatchh4.5.4.1800build_20210923
OR
qnapquts_heroMatchh4.5.4.1813build_20211006
OR
qnapquts_heroMatchh4.5.4.1848build_20211109
OR
qnapquts_heroMatchh4.5.4.1892build_20211223
OR
qnapquts_heroMatchh4.5.4.1951build_20220218
OR
qnapquts_heroMatchh4.5.4.1971build_20220310
OR
qnapquts_heroMatchh4.5.4.1991build_20220330
OR
qnapquts_heroMatchh4.5.4.2052build_20220530
OR
qnapquts_heroMatchh4.5.4.2138build_20220824
OR
qnapquts_heroMatchh4.5.4.2217build_20221111
OR
qnapquts_heroMatchh4.5.4.2272build_20230105
OR
qnapquts_heroMatchh4.5.4.2374build_20230417

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.1.2425 build 20230609",
        "status": "affected",
        "version": "5.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1.0.2444 build 20230629",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.4.2467 build 20230718",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.0.2424 build 20230609",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h5.0.1.2515 build 20230907",
        "status": "affected",
        "version": "h5.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h4.5.4.2476 build 20230728",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
openvas 2
prion 1
cvelist 1
nvd
nvd
CVE-2023-23372
2023-12-08 16:15:15
openvas
openvas
QNAP QTS XSS Vulnerability (QSA-23-40)
2023-12-11 00:00:00
QNAP QuTS hero XSS Vulnerability (QSA-23-40)
2023-12-11 00:00:00
prion
prion
Cross site scripting
2023-12-08 16:15:00
cvelist
cvelist
CVE-2023-23372 QTS, QuTS hero
2023-12-08 16:07:10

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for CVE-2023-23372
nvd1openvas2prion1cvelist1