CVE-2018-19943

Summary

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Severity
Medium
Severity Score

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-ID

CWE-79

Vulnerability ID
CVE-2018-19943
Severity
Medium
Severity Score
5.4
Summary
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
References
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
Mitigation and Patches
Exploits
https://twitter.com/NormanOre/status/1269756480791642112 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Metasploit Payload
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE ID
CWE-79

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud AgentTenable NessusRapid7 InsightVM
Company
About UsContactCareer
Resources
CVEWindows KBCase StudieseBooksPolicy TemplatesBlogWebinar
Try It
Patch AstraEPSS CalculatorContactFree ScanSchedule DemoLog In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :