CVE-2023-50366

🗓️ 06 Sep 2024 16:25:57Reported by qnapType

A cross-site scripting vulnerability affects QNAP OS, allowing injection of malicious code by authenticated admins and fixed in QTS 5.1.6.2722 and QuTS hero h5.1.6.2734 version

Reporter	Title	Published	Views	Family All 8
CNNVD	QNAP Systems QTS和QNAP Systems QuTS hero 跨站脚本漏洞	6 Sep 202400:00	–	cnnvd
CNVD	QNAP QTS and QuTS hero cross-site scripting vulnerability	11 Sep 202400:00	–	cnvd
Cvelist	CVE-2023-50366 QTS, QuTS hero	6 Sep 202416:25	–	cvelist
EUVD	EUVD-2023-55167	3 Oct 202520:07	–	euvd
NVD	CVE-2023-50366	6 Sep 202417:15	–	nvd
Positive Technologies	PT-2024-13927 · Qnap · Qnap Qts +1	6 Sep 202400:00	–	ptsecurity
Tenable Nessus	Qnap QTS Cross-site Scripting (CVE-2023-50366)	16 Oct 202400:00	–	nessus
Vulnrichment	CVE-2023-50366 QTS, QuTS hero	6 Sep 202416:25	–	vulnrichment

NVD

Node

qnap qtsMatch5.1.0.2348build_20230325

qnap qtsMatch5.1.0.2399build_20230515

qnap qtsMatch5.1.0.2418build_20230603

qnap qtsMatch5.1.0.2444build_20230629

qnap qtsMatch5.1.0.2466build_20230721

qnap qtsMatch5.1.1.2491build_20230815

qnap qtsMatch5.1.2.2533build_20230926

qnap qtsMatch5.1.3.2578build_20231110

qnap qtsMatch5.1.4.2596build_20231128

qnap qtsMatch5.1.5.2645build_20240116

qnap qtsMatch5.1.5.2679build_20240219

Node

qnap quts_heroMatchh5.1.0.2409build_20230525

qnap quts_heroMatchh5.1.0.2424build_20230609

qnap quts_heroMatchh5.1.0.2453build_20230708

qnap quts_heroMatchh5.1.0.2466build_20230721

qnap quts_heroMatchh5.1.1.2488build_20230812

qnap quts_heroMatchh5.1.2.2534build_20230927

qnap quts_heroMatchh5.1.3.2578build_20231110

qnap quts_heroMatchh5.1.4.2596build_20231128

qnap quts_heroMatchh5.1.5.2647build_20240118

qnap quts_heroMatchh5.1.5.2680build_20240220

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.6.2722 build 20240402",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.6.2734 build 20240414",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-24-20

11 Sep 2024 13:31Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.14.3 - 4.8

EPSS0.0014

SSVC

CWE-79