Vulnerability Details CVE-2018-19953
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.401
EPSS Ranking 97.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Proposed Action
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
Ransomware Campaign
Known
References
Products affected by CVE-2018-19953
-
cpe:2.3:o:qnap:qts:-
-
cpe:2.3:o:qnap:qts:4.0
-
cpe:2.3:o:qnap:qts:4.0.3
-
cpe:2.3:o:qnap:qts:4.1.0
-
cpe:2.3:o:qnap:qts:4.1.1
-
cpe:2.3:o:qnap:qts:4.1.4
-
cpe:2.3:o:qnap:qts:4.2.0
-
cpe:2.3:o:qnap:qts:4.2.1
-
cpe:2.3:o:qnap:qts:4.2.2
-
cpe:2.3:o:qnap:qts:4.2.3
-
cpe:2.3:o:qnap:qts:4.2.4
-
cpe:2.3:o:qnap:qts:4.2.6
-
cpe:2.3:o:qnap:qts:4.3.1.0013
-
cpe:2.3:o:qnap:qts:4.3.1.0023
-
cpe:2.3:o:qnap:qts:4.3.2.0050
-
cpe:2.3:o:qnap:qts:4.3.2.0060
-
cpe:2.3:o:qnap:qts:4.3.2.0144
-
cpe:2.3:o:qnap:qts:4.3.3
-
cpe:2.3:o:qnap:qts:4.3.3.0095
-
cpe:2.3:o:qnap:qts:4.3.3.0096
-
cpe:2.3:o:qnap:qts:4.3.3.0136
-
cpe:2.3:o:qnap:qts:4.3.3.0154
-
cpe:2.3:o:qnap:qts:4.3.3.0174
-
cpe:2.3:o:qnap:qts:4.3.3.0188
-
cpe:2.3:o:qnap:qts:4.3.3.0210
-
cpe:2.3:o:qnap:qts:4.3.3.0229
-
cpe:2.3:o:qnap:qts:4.3.3.0238
-
cpe:2.3:o:qnap:qts:4.3.3.0262
-
cpe:2.3:o:qnap:qts:4.3.3.0299
-
cpe:2.3:o:qnap:qts:4.3.3.0351
-
cpe:2.3:o:qnap:qts:4.3.3.0353
-
cpe:2.3:o:qnap:qts:4.3.3.0361
-
cpe:2.3:o:qnap:qts:4.3.3.0369
-
cpe:2.3:o:qnap:qts:4.3.3.0378
-
cpe:2.3:o:qnap:qts:4.3.3.0396
-
cpe:2.3:o:qnap:qts:4.3.3.0404
-
cpe:2.3:o:qnap:qts:4.3.3.0416
-
cpe:2.3:o:qnap:qts:4.3.3.0418
-
cpe:2.3:o:qnap:qts:4.3.3.0448
-
cpe:2.3:o:qnap:qts:4.3.3.0514
-
cpe:2.3:o:qnap:qts:4.3.3.0546
-
cpe:2.3:o:qnap:qts:4.3.3.0570
-
cpe:2.3:o:qnap:qts:4.3.3.0868
-
cpe:2.3:o:qnap:qts:4.3.3.0998
-
cpe:2.3:o:qnap:qts:4.3.3.1051
-
cpe:2.3:o:qnap:qts:4.3.3.1098
-
cpe:2.3:o:qnap:qts:4.3.4
-
cpe:2.3:o:qnap:qts:4.3.4.0358
-
cpe:2.3:o:qnap:qts:4.3.4.0370
-
cpe:2.3:o:qnap:qts:4.3.4.0372
-
cpe:2.3:o:qnap:qts:4.3.4.0374
-
cpe:2.3:o:qnap:qts:4.3.4.0387
-
cpe:2.3:o:qnap:qts:4.3.4.0411
-
cpe:2.3:o:qnap:qts:4.3.4.0416
-
cpe:2.3:o:qnap:qts:4.3.4.0427
-
cpe:2.3:o:qnap:qts:4.3.4.0434
-
cpe:2.3:o:qnap:qts:4.3.4.0435
-
cpe:2.3:o:qnap:qts:4.3.4.0451
-
cpe:2.3:o:qnap:qts:4.3.4.0483
-
cpe:2.3:o:qnap:qts:4.3.4.0486
-
cpe:2.3:o:qnap:qts:4.3.4.0506
-
cpe:2.3:o:qnap:qts:4.3.4.0516
-
cpe:2.3:o:qnap:qts:4.3.4.0526
-
cpe:2.3:o:qnap:qts:4.3.4.0551
-
cpe:2.3:o:qnap:qts:4.3.4.0557
-
cpe:2.3:o:qnap:qts:4.3.4.0561
-
cpe:2.3:o:qnap:qts:4.3.4.0569
-
cpe:2.3:o:qnap:qts:4.3.4.0593
-
cpe:2.3:o:qnap:qts:4.3.4.0597
-
cpe:2.3:o:qnap:qts:4.3.4.0604
-
cpe:2.3:o:qnap:qts:4.3.4.0899
-
cpe:2.3:o:qnap:qts:4.3.4.1029
-
cpe:2.3:o:qnap:qts:4.3.4.1082
-
cpe:2.3:o:qnap:qts:4.3.6
-
cpe:2.3:o:qnap:qts:4.3.6.0895
-
cpe:2.3:o:qnap:qts:4.3.6.0907
-
cpe:2.3:o:qnap:qts:4.3.6.0923
-
cpe:2.3:o:qnap:qts:4.3.6.0944
-
cpe:2.3:o:qnap:qts:4.3.6.0959
-
cpe:2.3:o:qnap:qts:4.3.6.0979
-
cpe:2.3:o:qnap:qts:4.3.6.0993
-
cpe:2.3:o:qnap:qts:4.3.6.1013
-
cpe:2.3:o:qnap:qts:4.3.6.1033
-
cpe:2.3:o:qnap:qts:4.3.6.1070
-
cpe:2.3:o:qnap:qts:4.3.6.1154
-
cpe:2.3:o:qnap:qts:4.4.0
-
cpe:2.3:o:qnap:qts:4.4.0.0883
-
cpe:2.3:o:qnap:qts:4.4.0.0931
-
cpe:2.3:o:qnap:qts:4.4.0.0979
-
cpe:2.3:o:qnap:qts:4.4.1
-
cpe:2.3:o:qnap:qts:4.4.1.0948
-
cpe:2.3:o:qnap:qts:4.4.1.0949
-
cpe:2.3:o:qnap:qts:4.4.1.0978
-
cpe:2.3:o:qnap:qts:4.4.1.0998
-
cpe:2.3:o:qnap:qts:4.4.1.0999
-
cpe:2.3:o:qnap:qts:4.4.1.1031
-
cpe:2.3:o:qnap:qts:4.4.1.1033
-
cpe:2.3:o:qnap:qts:4.4.1.1064
-
cpe:2.3:o:qnap:qts:4.4.1.1081
-
cpe:2.3:o:qnap:qts:4.4.1.1086
-
cpe:2.3:o:qnap:qts:4.4.1.1101
-
cpe:2.3:o:qnap:qts:4.4.1.1117
-
cpe:2.3:o:qnap:qts:4.4.1.1146
-
cpe:2.3:o:qnap:qts:4.4.2