History: Nov 20, 2021 - 1:05 a.m.

CVE-2021-38681 Reflected XSS Vulnerability in Ragic Cloud DB

2021-11-20 01:05:12
CWE-79
qnap
www.cve.org
cve-2021-38681, reflected xss, ragic cloud db, remote code injection, qnap nas, security patch

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 47.4%

A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.

CNA Affected

[
  {
    "product": "Ragic Cloud DB",
    "vendor": "Negocios",
    "versions": [
      {
        "lessThanOrEqual": "3.7.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
