Lucene search

QnapCVELIST:CVE-2021-34357

HistoryNov 11, 2021 - 12:00 a.m.

CVE-2021-34357 Reflected XSS Vulnerability in QmailAgent

2021-11-1100:00:00

CWE-79

qnap

www.cve.org

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

43.3%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later

CNA Affected

[
  {
    "product": "QmailAgent",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "3.0.2 ( 2021/08/25 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-47

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for CVELIST:CVE-2021-34357