CVE-2018-19942

A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
qnapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
qnapqts
𝑥
< 4.2.6
qnapqts
4.3.5 ≤
𝑥
< 4.3.6
qnapqts
4.4.0 ≤
𝑥
< 4.5.1
qnapqts
4.2.6
qnapqts
4.2.6:build_20170517
qnapqts
4.2.6:build_20190322
qnapqts
4.2.6:build_20190730
qnapqts
4.2.6:build_20190921
qnapqts
4.2.6:build_20191107
qnapqts
4.2.6:build_20200109
qnapqts
4.2.6:build_20200421
qnapqts
4.2.6:build_20200611
qnapqts
4.2.6:build_20200821
qnapqts
4.3.3
qnapqts
4.3.3.0095
qnapqts
4.3.3.0096
qnapqts
4.3.3.0136
qnapqts
4.3.3.0154
qnapqts
4.3.3.0174
qnapqts
4.3.3.0188
qnapqts
4.3.3.0210
qnapqts
4.3.3.0229
qnapqts
4.3.3.0238
qnapqts
4.3.3.0262
qnapqts
4.3.3.0299
qnapqts
4.3.3.0351
qnapqts
4.3.3.0353
qnapqts
4.3.3.0361
qnapqts
4.3.3.0369
qnapqts
4.3.3.0378
qnapqts
4.3.3.0396
qnapqts
4.3.3.0404
qnapqts
4.3.3.0416
qnapqts
4.3.3.0418
qnapqts
4.3.3.0448
qnapqts
4.3.3.0514
qnapqts
4.3.3.0546
qnapqts
4.3.3.0570
qnapqts
4.3.3.0868
qnapqts
4.3.3.0998
qnapqts
4.3.3.1051
qnapqts
4.3.3.1098
qnapqts
4.3.3.1161
qnapqts
4.3.3.1252
qnapqts
4.3.3.1315
qnapqts
4.3.3.1386
qnapqts
4.3.4
qnapqts
4.3.4.0358
qnapqts
4.3.4.0358:beta1
qnapqts
4.3.4.0370
qnapqts
4.3.4.0370:beta1
qnapqts
4.3.4.0372
qnapqts
4.3.4.0372:beta1
qnapqts
4.3.4.0374
qnapqts
4.3.4.0374:beta1
qnapqts
4.3.4.0387
qnapqts
4.3.4.0387:beta2
qnapqts
4.3.4.0411
qnapqts
4.3.4.0416
qnapqts
4.3.4.0427
qnapqts
4.3.4.0434
qnapqts
4.3.4.0435
qnapqts
4.3.4.0451
qnapqts
4.3.4.0483
qnapqts
4.3.4.0486
qnapqts
4.3.4.0506
qnapqts
4.3.4.0516
qnapqts
4.3.4.0526
qnapqts
4.3.4.0551
qnapqts
4.3.4.0557
qnapqts
4.3.4.0561
qnapqts
4.3.4.0569
qnapqts
4.3.4.0593
qnapqts
4.3.4.0597
qnapqts
4.3.4.0604
qnapqts
4.3.4.0899
qnapqts
4.3.4.1029
qnapqts
4.3.4.1082
qnapqts
4.3.4.1190
qnapqts
4.3.4.1282
qnapqts
4.3.4.1368
qnapqts
4.3.4.1417
qnapqts
4.3.6
qnapqts
4.3.6.0895
qnapqts
4.3.6.0907
qnapqts
4.3.6.0923
qnapqts
4.3.6.0944
qnapqts
4.3.6.0959
qnapqts
4.3.6.0979
qnapqts
4.3.6.0993
qnapqts
4.3.6.1013
qnapqts
4.3.6.1033
qnapqts
4.3.6.1070
qnapqts
4.3.6.1154
qnapqts
4.3.6.1218
qnapqts
4.3.6.1263
qnapqts
4.3.6.1286
qnapqts
4.3.6.1333
qnapqts
4.3.6.1411
qnapqts
4.5.1
qnapqts
4.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/zh-tw/security-advisory/qsa-21-04
https://www.qnap.com/zh-tw/security-advisory/qsa-21-04