CVE-2021-38681

MEDIUM

5.3

Descricao

A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.

Detalhes CVE

Pontuacao CVSS v3.15.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado11/20/2021

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

qnap:nasqnap:ragic_cloud_db

Fraquezas (CWE)

CWE-79

Referencias

https://www.qnap.com/en/security-advisory/qsa-21-48(security@qnapsecurity.com.tw)

https://www.qnap.com/en/security-advisory/qsa-21-48(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.