CVE-2018-19943 Vulnerability Details

  /     /     /  

CVE-2018-19943 Metadata Quick Info

CVE Published: 28/10/2020 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: qnap | Vendor: QNAP Systems Inc. | Product: QTS
Status : PUBLISHED

---

CVE-2018-19943 Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Metrics

CVSS Version: 3.1 | Base Score: 8 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Cross-site Scripting (XSS)
Source: QNAP Systems Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).