← Back to CVEs
CVE-2018-19943
HIGHCISA KEV8.0
Description
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
CVE Details
CVSS v3.1 Score8.0
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionREQUIRED
Published10/28/2020
Last Modified11/3/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorQNAP
ProductNetwork Attached Storage (NAS)
Vulnerability NameQNAP NAS File Station Cross-Site Scripting Vulnerability
KEV Date Added2022-05-24
Remediation Due Date2022-06-14
Ransomware UseKnown
Affected Products
qnap:qts
Weaknesses (CWE)
CWE-79CWE-80CWE-79
References
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01(security@qnapsecurity.com.tw)
https://www.qnap.com/zh-tw/security-advisory/qsa-20-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19943(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.