| |
Vulnerability CVE-2019-7184
Published: 2019-12-05
Description: |
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator?s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.5/10 |
2.9/10 |
6.8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://www.qnap.com/zh-tw/security-advisory/nas-201911-27
|
|
|
Copyright 2024, cxsecurity.com
|
|
|