Lucene search

QnapCVELIST:CVE-2021-38680

HistoryDec 29, 2021 - 1:05 p.m.

CVE-2021-38680 Reflected XSS in Kazoo Server

2021-12-2913:05:13

CWE-79

qnap

www.cve.org

kazoo server

xss

remote attackers

cve-2021-38680

qnap device

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.3%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later

CNA Affected

[
  {
    "product": "Kazoo Server",
    "vendor": "Linn Products Limited",
    "versions": [
      {
        "lessThan": "4.11.20",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-54

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.3%

JSON

Related for CVELIST:CVE-2021-38680