CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38640

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.5%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.qnap.com/en/security-advisory/qsa-24-35

Products affected by CVE-2024-38640

Qnap » Download Station » Version: 5.8.0

cpe:2.3:a:qnap:download_station:5.8.0
Qnap » Download Station » Version: 5.8.1.226

cpe:2.3:a:qnap:download_station:5.8.1.226
Qnap » Download Station » Version: 5.8.2.247

cpe:2.3:a:qnap:download_station:5.8.2.247
Qnap » Download Station » Version: 5.8.3.251

cpe:2.3:a:qnap:download_station:5.8.3.251
Qnap » Download Station » Version: 5.8.4.256

cpe:2.3:a:qnap:download_station:5.8.4.256
Qnap » Download Station » Version: 5.8.4.261

cpe:2.3:a:qnap:download_station:5.8.4.261
Qnap » Download Station » Version: 5.8.5.266

cpe:2.3:a:qnap:download_station:5.8.5.266
Qnap » Download Station » Version: 5.8.6.280

cpe:2.3:a:qnap:download_station:5.8.6.280

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38640

Products

Pricing

Contact Us