← Zuruck zu CVEs
CVE-2018-19943
HIGHCISA KEV8.0
Beschreibung
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
CVE Details
CVSS v3.1 Bewertung8.0
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht10/28/2020
Zuletzt geandert11/3/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerQNAP
ProduktNetwork Attached Storage (NAS)
SchwachstellennameQNAP NAS File Station Cross-Site Scripting Vulnerability
KEV Aufnahmedatum2022-05-24
Behebungsfrist2022-06-14
Ransomware-NutzungKnown
Betroffene Produkte
qnap:qts
Schwachen (CWE)
CWE-79CWE-80CWE-79
Referenzen
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01(security@qnapsecurity.com.tw)
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19943(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.