CVE-2020-14244

CVE-2020-14244 affects IBM Domino server (versions 9 and 10) with a MIME message handling flaw that can be exploited by an unauthenticated attacker to cause a stack buffer overflow. This could crash the server or allow code to be executed with server privileges. The connected sources confirm the ...

CVE-2020-24634

The CVE-2020-24634 vulnerability affects ArubaOS/PAPI on Aruba AP management UDP port 8211 (Aruba 9000 Gateway, Aruba 7000 and 7200 series mobility controllers). A remote attacker can inject arbitrary commands by sending specially crafted packets. Affected versions include Aruba 9000 gateway, and...

CVE-2020-2498

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 bui...

CVE-2020-2494

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3:...

CVE-2020-2491

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo...

CVE-2020-2495

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...

Cross site scripting

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build...

Cross site scripting

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo...

CVE-2020-2498

CVE-2020-2498 is a cross-site scripting vulnerability affecting QTS and QuTS hero. The issue allows remote attackers to inject malicious code into certificate configuration if exploited. Affected versions were fixed in QuTS hero h4.5.1.1472 build 20201031 and later, QTS 4.5.1.1456 build 20201015 ...

CVE-2020-2495

CVE-2020-2495 is a cross-site scripting (XSS) vulnerability in QNAP QTS/QuTS Hero File Station that could allow remote attackers to inject malicious code. The issue is fixed in multiple newer builds: QuTS hero h4.5.1.1472+ (20201031+), QTS 4.5.1.1456+, QTS 4.4.3.1354+, QTS 4.3.6.1333+, QTS 4.3.4....

CVE-2020-2491

CVE-2020-2491 is a cross-site scripting (XSS) vulnerability in QNAP Photo Station . The CVE applies to QTS/QuTS installations that include Photo Station and can allow remote attackers to inject malicious code via Photo Station components. The included connected documents confirm affected products...

PT-2020-15874 · Qnap · Qts +1

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 4.5.1.1456 build 20201015 QuTS hero versions prior to h4.5.1.1472 build 20201031 QTS versions prior to 4.4.3.1354 build 20200702 QTS versions prior to 4.3.6.1333 build 20200608 QTS versions prior to 4.3.4.1368 build...

The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...

The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...

CVE-2020-5662

Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors...

CVE-2018-19956

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10...

CVE-2018-19955

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10...

CVE-2018-19955

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10...

CVE-2018-19954

CVE-2018-19954 is a cross-site scripting vulnerability in QNAP Systems Inc. Photo Station. Affected versions are Photo Station prior to 5.7.11 and prior to 6.0.10. The issue stems from insufficient input validation in the Web application, enabling remote attackers to inject malicious code if expl...

PT-2020-8659 · Qnap Systems · Music Station

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. Music Station versions prior to 5.1.13 QNAP Systems Inc. Music Station versions prior to 5.2.9 QNAP Systems Inc. Music Station versions prior to 5.3.11 Description: This issue is a cross-site scripting vulnerability that cou...