Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-23372

🗓️ 08 Dec 2023 16:07:10Reported by qnapType 
cve
 cve🔗 web.nvd.nist.gov👁 45 Views

A cross-site scripting (XSS) vulnerability affects QNAP OS versions, allowing injection of malicious code via a network. Fixed in QTS 5.0.1.2425+, 5.1.0.2444+, 4.5.4.2467+, QuTS hero h5.1.0.2424+, h5.0.1.2515+, h4.5.4.2476

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2023-23372
31 Dec 202315:16
circl
CNNVD		QNAP Systems QTS and QuTS hero Cross-Site Scripting Vulnerability
8 Dec 202300:00
cnnvd
Cvelist		CVE-2023-23372 QTS, QuTS hero
8 Dec 202316:07
cvelist
EUVD		EUVD-2023-27472
3 Oct 202520:07
euvd
NVD		CVE-2023-23372
8 Dec 202316:15
nvd
OpenVAS		QNAP QTS XSS Vulnerability (QSA-23-40)
11 Dec 202300:00
openvas
OpenVAS		QNAP QuTS hero XSS Vulnerability (QSA-23-40)
11 Dec 202300:00
openvas
OSV		CVE-2023-23372
8 Dec 202316:15
osv
Prion		Cross site scripting
8 Dec 202316:15
prion
RedhatCVE		CVE-2023-23372
23 May 202502:36
redhatcve
Rows per page
NVD
Node
qnapqtsMatch5.1.0.2348build_20230325
OR
qnapqtsMatch5.1.0.2399build_20230515
OR
qnapqtsMatch5.1.0.2418build_20230603
Node
qnapqtsMatch5.0.1.2034build_20220515
OR
qnapqtsMatch5.0.1.2079build_20220629
OR
qnapqtsMatch5.0.1.2131build_20220820
OR
qnapqtsMatch5.0.1.2137build_20220826
OR
qnapqtsMatch5.0.1.2145build_20220903
OR
qnapqtsMatch5.0.1.2173build_20221001
OR
qnapqtsMatch5.0.1.2194build_20221022
OR
qnapqtsMatch5.0.1.2234build_20221201
OR
qnapqtsMatch5.0.1.2248build_20221215
OR
qnapqtsMatch5.0.1.2277build_20230112
OR
qnapqtsMatch5.0.1.2346build_20230322
OR
qnapqtsMatch5.0.1.2376build_20230421
Node
qnapqtsMatch4.5.4.1715build_20210630
OR
qnapqtsMatch4.5.4.1723build_20210708
OR
qnapqtsMatch4.5.4.1741build_20210726
OR
qnapqtsMatch4.5.4.1787build_20210910
OR
qnapqtsMatch4.5.4.1800build_20210923
OR
qnapqtsMatch4.5.4.1892build_20211223
OR
qnapqtsMatch4.5.4.1931build_20220128
OR
qnapqtsMatch4.5.4.2012build_20220419
OR
qnapqtsMatch4.5.4.2117build_20220802
OR
qnapqtsMatch4.5.4.2280build_20230112
OR
qnapqtsMatch4.5.4.2374build_20230416
Node
qnapquts_heroMatchh5.1.0.2409build_20230525
Node
qnapquts_heroMatchh5.0.1.2045build_20220526
OR
qnapquts_heroMatchh5.0.1.2192build_20221020
OR
qnapquts_heroMatchh5.0.1.2248build_20221215
OR
qnapquts_heroMatchh5.0.1.2269build_20230104
OR
qnapquts_heroMatchh5.0.1.2277build_20230112
OR
qnapquts_heroMatchh5.0.1.2348build_20230324
OR
qnapquts_heroMatchh5.0.1.2376build_20230421
Node
qnapquts_heroMatchh4.5.4.1771build_20210825
OR
qnapquts_heroMatchh4.5.4.1800build_20210923
OR
qnapquts_heroMatchh4.5.4.1813build_20211006
OR
qnapquts_heroMatchh4.5.4.1848build_20211109
OR
qnapquts_heroMatchh4.5.4.1892build_20211223
OR
qnapquts_heroMatchh4.5.4.1951build_20220218
OR
qnapquts_heroMatchh4.5.4.1971build_20220310
OR
qnapquts_heroMatchh4.5.4.1991build_20220330
OR
qnapquts_heroMatchh4.5.4.2052build_20220530
OR
qnapquts_heroMatchh4.5.4.2138build_20220824
OR
qnapquts_heroMatchh4.5.4.2217build_20221111
OR
qnapquts_heroMatchh4.5.4.2272build_20230105
OR
qnapquts_heroMatchh4.5.4.2374build_20230417
[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.0.1.2425 build 20230609",
        "status": "affected",
        "version": "5.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1.0.2444 build 20230629",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.4.2467 build 20230718",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.0.2424 build 20230609",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h5.0.1.2515 build 20230907",
        "status": "affected",
        "version": "h5.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h4.5.4.2476 build 20230728",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 07:46Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.16.1 - 6.5
EPSS0.00225
CWE-79
cve-2023-23372cross-site scriptingxssqnapvulnerabilitysecuritynetworkinjectionnvd
45