CVE-2021-28807 Post-Authentication Reflected XSS Vulnerability in Q'center

🗓️ 03 Jun 2021 02:45:14Reported by qnapType

CVE-2021-28807 Q'center XSS Vulnerabilit

Reporter	Title	Published	Views	Family All 6
CNNVD	QNAP NAS 跨站脚本漏洞	3 Jun 202100:00	–	cnnvd
CVE	CVE-2021-28807	3 Jun 202102:45	–	cve
EUVD	EUVD-2021-15463	7 Oct 202500:30	–	euvd
NVD	CVE-2021-28807	3 Jun 202103:15	–	nvd
OSV	CVE-2021-28807	3 Jun 202103:15	–	osv
Prion	Cross site scripting	3 Jun 202103:15	–	prion

[
  {
    "platforms": [
      "QTS 4.5.3"
    ],
    "product": "Q’center",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v1.12.1012",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.6"
    ],
    "product": "Q’center",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v1.10.1004",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.3"
    ],
    "product": "Q’center",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v1.10.1004",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTS hero h4.5.2"
    ],
    "product": "Q’center",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v1.12.1012",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTScloud c4.5.4"
    ],
    "product": "Q’center",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v1.12.1012",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
shielder	www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-via-qpkg/
qnap	www.qnap.com/zh-tw/security-advisory/qsa-21-20
shielder	www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/

16 Jul 2021 10:58Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.7

EPSS0.00358

CWE-79