| |
Vulnerability CVE-2019-7185
Published: 2019-12-05
| Description: |
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator?s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.5/10 |
2.9/10 |
6.8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://www.qnap.com/zh-tw/security-advisory/nas-201911-27
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
