CVE-2018-19942

EPSS 0.27%
Veröffentlicht 16.04.2021 01:15:12
Zuletzt bearbeitet 21.11.2024 03:58:51
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Qts Version < 4.2.6

Qnap ≫ Qts Version >= 4.3.5 < 4.3.6

Qnap ≫ Qts Version >= 4.4.0 < 4.5.1

Qnap ≫ Qts Version4.2.6 Update-

Qnap ≫ Qts Version4.2.6 Updatebuild_20170517

Qnap ≫ Qts Version4.2.6 Updatebuild_20190322

Qnap ≫ Qts Version4.2.6 Updatebuild_20190730

Qnap ≫ Qts Version4.2.6 Updatebuild_20190921

Qnap ≫ Qts Version4.2.6 Updatebuild_20191107

Qnap ≫ Qts Version4.2.6 Updatebuild_20200109

Qnap ≫ Qts Version4.2.6 Updatebuild_20200421

Qnap ≫ Qts Version4.2.6 Updatebuild_20200611

Qnap ≫ Qts Version4.2.6 Updatebuild_20200821

Qnap ≫ Qts Version4.3.3

Qnap ≫ Qts Version4.3.3.0095

Qnap ≫ Qts Version4.3.3.0096

Qnap ≫ Qts Version4.3.3.0136

Qnap ≫ Qts Version4.3.3.0154

Qnap ≫ Qts Version4.3.3.0174

Qnap ≫ Qts Version4.3.3.0188

Qnap ≫ Qts Version4.3.3.0210

Qnap ≫ Qts Version4.3.3.0229

Qnap ≫ Qts Version4.3.3.0238

Qnap ≫ Qts Version4.3.3.0262

Qnap ≫ Qts Version4.3.3.0299

Qnap ≫ Qts Version4.3.3.0351

Qnap ≫ Qts Version4.3.3.0353

Qnap ≫ Qts Version4.3.3.0361

Qnap ≫ Qts Version4.3.3.0369

Qnap ≫ Qts Version4.3.3.0378

Qnap ≫ Qts Version4.3.3.0396

Qnap ≫ Qts Version4.3.3.0404

Qnap ≫ Qts Version4.3.3.0416

Qnap ≫ Qts Version4.3.3.0418

Qnap ≫ Qts Version4.3.3.0448

Qnap ≫ Qts Version4.3.3.0514

Qnap ≫ Qts Version4.3.3.0546

Qnap ≫ Qts Version4.3.3.0570

Qnap ≫ Qts Version4.3.3.0868

Qnap ≫ Qts Version4.3.3.0998

Qnap ≫ Qts Version4.3.3.1051

Qnap ≫ Qts Version4.3.3.1098

Qnap ≫ Qts Version4.3.3.1161

Qnap ≫ Qts Version4.3.3.1252

Qnap ≫ Qts Version4.3.3.1315

Qnap ≫ Qts Version4.3.3.1386

Qnap ≫ Qts Version4.3.4

Qnap ≫ Qts Version4.3.4.0358

Qnap ≫ Qts Version4.3.4.0358 Updatebeta1

Qnap ≫ Qts Version4.3.4.0370

Qnap ≫ Qts Version4.3.4.0370 Updatebeta1

Qnap ≫ Qts Version4.3.4.0372

Qnap ≫ Qts Version4.3.4.0372 Updatebeta1

Qnap ≫ Qts Version4.3.4.0374

Qnap ≫ Qts Version4.3.4.0374 Updatebeta1

Qnap ≫ Qts Version4.3.4.0387

Qnap ≫ Qts Version4.3.4.0387 Updatebeta2

Qnap ≫ Qts Version4.3.4.0411

Qnap ≫ Qts Version4.3.4.0416

Qnap ≫ Qts Version4.3.4.0427

Qnap ≫ Qts Version4.3.4.0434

Qnap ≫ Qts Version4.3.4.0435

Qnap ≫ Qts Version4.3.4.0451

Qnap ≫ Qts Version4.3.4.0483

Qnap ≫ Qts Version4.3.4.0486

Qnap ≫ Qts Version4.3.4.0506

Qnap ≫ Qts Version4.3.4.0516

Qnap ≫ Qts Version4.3.4.0526

Qnap ≫ Qts Version4.3.4.0551

Qnap ≫ Qts Version4.3.4.0557

Qnap ≫ Qts Version4.3.4.0561

Qnap ≫ Qts Version4.3.4.0569

Qnap ≫ Qts Version4.3.4.0593

Qnap ≫ Qts Version4.3.4.0597

Qnap ≫ Qts Version4.3.4.0604

Qnap ≫ Qts Version4.3.4.0899

Qnap ≫ Qts Version4.3.4.1029

Qnap ≫ Qts Version4.3.4.1082

Qnap ≫ Qts Version4.3.4.1190

Qnap ≫ Qts Version4.3.4.1282

Qnap ≫ Qts Version4.3.4.1368

Qnap ≫ Qts Version4.3.4.1417

Qnap ≫ Qts Version4.3.6 Update-

Qnap ≫ Qts Version4.3.6.0895

Qnap ≫ Qts Version4.3.6.0907

Qnap ≫ Qts Version4.3.6.0923

Qnap ≫ Qts Version4.3.6.0944

Qnap ≫ Qts Version4.3.6.0959

Qnap ≫ Qts Version4.3.6.0979

Qnap ≫ Qts Version4.3.6.0993

Qnap ≫ Qts Version4.3.6.1013

Qnap ≫ Qts Version4.3.6.1033

Qnap ≫ Qts Version4.3.6.1070

Qnap ≫ Qts Version4.3.6.1154

Qnap ≫ Qts Version4.3.6.1218

Qnap ≫ Qts Version4.3.6.1263

Qnap ≫ Qts Version4.3.6.1286

Qnap ≫ Qts Version4.3.6.1333

Qnap ≫ Qts Version4.3.6.1411

Qnap ≫ Qts Version4.5.1 Update-

Qnap ≫ Qts Version4.5.2 Update-

Qnap ≫ Quts Hero Version < h4.5.1

Qnap ≫ Quts Hero Versionh4.5.1

Qnap ≫ Quts Hero Versionh4.5.1 Update-

Qnap ≫ Qutscloud Version < c4.5.3

Qnap ≫ Qutscloud Versionc4.5.3 Update-

Qnap ≫ Qutscloud Versionc4.5.4 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.474

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

https://www.qnap.com/zh-tw/security-advisory/qsa-21-04

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19942

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19942

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19942

EUVD