CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-2503

CVSS 9.0v3.1pub. 2020-12-24upd. 2024-11-21

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Qnap Qes

    APP
    Qnap
    2.1.1< 2.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2020-2499MEDIUM6.3ten sam produkt

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vu...

CVE-2020-2504MEDIUM5.8ten sam produkt

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Stati...

CVE-2020-2505LOW2.3ten sam produkt

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error m...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...