Lucene search

QnapCVE-2023-34977

HistoryOct 13, 2023 - 8:15 p.m.

CVE-2023-34977

2023-10-1320:15:10

CWE-79

qnap

web.nvd.nist.gov

cve-2023-34977

cross-site scripting

xss

video station

vulnerability

security

network security

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

18.7%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.

We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later

Affected configurations

Nvd

Node

qnapvideo_stationRange<2023.07.27

VendorProductVersionCPE
qnapvideo_station*cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	video_station	*	cpe:2.3:a:qnap:video_station::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Video Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.7.0 ( 2023/07/27 )",
        "status": "affected",
        "version": "5.7.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-23-52