← Volver a CVEs
CVE-2021-38681
MEDIUM5.3
Descripcion
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado11/20/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
qnap:nasqnap:ragic_cloud_db
Debilidades (CWE)
CWE-79
Referencias
https://www.qnap.com/en/security-advisory/qsa-21-48(security@qnapsecurity.com.tw)
https://www.qnap.com/en/security-advisory/qsa-21-48(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.