Lucene search

QnapCVE-2024-27122

HistorySep 06, 2024 - 5:15 p.m.

CVE-2024-27122

2024-09-0617:15:14

CWE-79

qnap

web.nvd.nist.gov

cross-site scripting

vulnerability

notes station

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

EPSS

Percentile

14.7%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.

We have already fixed the vulnerability in the following versions:
Notes Station 3 3.9.6 and later

Affected configurations

Nvd

Node

qnapnotes_station_3Range3.3.9.0–3.3.9.6

VendorProductVersionCPE
qnapnotes_station_3*cpe:2.3:a:qnap:notes_station_3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	notes_station_3	*	cpe:2.3:a:qnap:notes_station_3::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Notes Station 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "3.9.6",
        "status": "affected",
        "version": "3.9.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-21