19 matches found
CVE-2020-2498
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 bui...
CVE-2020-2497
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build...
CVE-2020-2495
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...
CVE-2020-2496
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...
Cross site scripting
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build...
Cross site scripting
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...
Cross site scripting
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 bui...
Cross site scripting
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...
Cross site scripting
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo...
CVE-2020-2498
CVE-2020-2498 is a cross-site scripting vulnerability affecting QTS and QuTS hero. The issue allows remote attackers to inject malicious code into certificate configuration if exploited. Affected versions were fixed in QuTS hero h4.5.1.1472 build 20201031 and later, QTS 4.5.1.1456 build 20201015 ...
CVE-2020-2497
The CVE-2020-2497 entry describes a cross-site scripting (XSS) vulnerability in QTS/QuTS Hero where remote attackers could inject malicious code into System Connection Logs. Affected products include QTS and QuTS Hero with multiple fixed versions listed: QuTS hero h4.5.1.1472 build 20201031 and l...
CVE-2020-2496
CVE-2020-2496 is a cross-site scripting vulnerability affecting QNAP QTS/QuTS Hero. Exploitation could allow remote attackers to inject malicious code via File Station. QANP subsequently fixed the issue in multiple releases: QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 202...
CVE-2020-2496 Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...
CVE-2020-2495 Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 a...
CVE-2020-2495
CVE-2020-2495 is a cross-site scripting (XSS) vulnerability in QNAP QTS/QuTS Hero File Station that could allow remote attackers to inject malicious code. The issue is fixed in multiple newer builds: QuTS hero h4.5.1.1472+ (20201031+), QTS 4.5.1.1456+, QTS 4.4.3.1354+, QTS 4.3.6.1333+, QTS 4.3.4....
CVE-2020-2494 Cross-site Scripting Vulnerability in Music Station
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3:...
CVE-2020-2494
The CVE-2020-2494 entry concerns a cross-site scripting (XSS) vulnerability in QNAP Music Station. The issue allows remote attackers to inject malicious code through Music Station components, with exploitation tied to specific versions of QNAP firmware: QuTS hero h4.5.1: Music Station 5.3.13 and ...
CVE-2020-2493
CVE-2020-2493 is an XSS vulnerability in QNAP’s Multimedia Console that allows remote attackers to inject malicious code. The issue affects the Multimedia Console component and has been fixed in Multimedia Console 1.1.5 and later (per QNAP advisory QSA-20-14). The CVE is documented across multipl...
CVE-2020-2491
CVE-2020-2491 is a cross-site scripting (XSS) vulnerability in QNAP Photo Station . The CVE applies to QTS/QuTS installations that include Photo Station and can allow remote attackers to inject malicious code via Photo Station components. The included connected documents confirm affected products...