Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-19953
HistoryOct 28, 2020 - 6:15 p.m.

CVE-2018-19953

2020-10-2818:15:12
CWE-79
CWE-80
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Affected configurations

NVD
Node
qnapqtsRange<4.2.6
OR
qnapqtsRange4.3.1.00134.3.3.1161
OR
qnapqtsRange4.3.44.3.4.1190
OR
qnapqtsRange4.3.64.3.6.1218
OR
qnapqtsRange4.4.04.4.1.1201
OR
qnapqtsRange4.4.24.4.2.1231
OR
qnapqtsMatch4.2.6-
OR
qnapqtsMatch4.2.6build_20170517
OR
qnapqtsMatch4.2.6build_20190322
OR
qnapqtsMatch4.2.6build_20190730
OR
qnapqtsMatch4.2.6build_20190921
OR
qnapqtsMatch4.2.6build_20191107

Related

prion 1
cvelist 1
attackerkb 1
cisa_kev 1
cve 1
checkpoint_advisories 1
openvas 1
nessus 1
prion
prion
Cross site scripting
2020-10-28 18:15:00
cvelist
cvelist
CVE-2018-19953
2020-10-28 17:55:18
attackerkb
attackerkb
CVE-2018-19953
2020-10-28 00:00:00
cisa_kev
cisa_kev
QNAP NAS File Station Cross-Site Scripting Vulnerability
2022-05-24 00:00:00
cve
cve
CVE-2018-19953
2020-10-28 18:15:12
checkpoint_advisories
checkpoint_advisories
QNAP FileStation Cross Site Scripting (CVE-2018-19953)
2022-06-07 00:00:00
openvas
openvas
QNAP QTS Multiple Vulnerabilities (QSA-20-01)
2020-06-26 00:00:00
nessus
nessus
QNAP QTS Multiple Vulnerabilities in File Station (QSA-20-01)
2022-05-26 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON
Related for NVD:CVE-2018-19953
prion1cvelist1attackerkb1cisa_kev1cve1checkpoint_advisories1openvas1nessus1