9 matches found
CVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...
CVE-2021-34360
A cross-site request forgery CSRF vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
CVE-2021-34360 CSRF Bypass in Proxy Server
A cross-site request forgery CSRF vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
CVE-2021-34359
A cross-site scripting XSS vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
Cross site scripting
A cross-site scripting XSS vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34361 Reflected XSS Vulnerability in Proxy Server
A cross-site scripting XSS vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34361
CVE-2021-34361 is an XSS flaw in QNAP QTS Proxy Server. The vulnerability allows a remote attacker to inject HTML/script via crafted input in the Proxy Server component (affected by user-supplied data handling). According to the sources, the issue was fixed in QTS 4.5.x with Proxy Server 1.4.2 (2...
CVE-2021-34359 Stored XSS Vulnerability in Proxy Server
A cross-site scripting XSS vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34359
The CVE-2021-34359 issue is a cross-site scripting (XSS) vulnerability in QNAP QTS Proxy Server. Affected product: Proxy Server on QTS 4.5.x. Root cause: insufficient handling of user-supplied data allowing injection of HTML/Script. Impact: remote attacker could inject malicious code when a user ...