CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
qnapCNA
8 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
qnapqts
𝑥
< 4.2.6
qnapqts
4.3.1.0013 ≤
𝑥
< 4.3.3.1252
qnapqts
4.3.4 ≤
𝑥
< 4.3.4.1282
qnapqts
4.3.6 ≤
𝑥
< 4.3.6.1263
qnapqts
4.4.0 ≤
𝑥
< 4.4.1.1261
qnapqts
4.4.2 ≤
𝑥
< 4.4.2.1270
qnapqts
4.2.6
qnapqts
4.2.6:build_20170517
qnapqts
4.2.6:build_20190322
qnapqts
4.2.6:build_20190730
qnapqts
4.2.6:build_20190921
qnapqts
4.2.6:build_20191107
qnapqts
4.2.6:build_20200109
qnapqts
4.2.6:build_20200421
qnapqts
4.2.6:build_20200611
qnapqts
4.2.6:build_20200821
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01