Qnap: >> Q'center >> 1.4.519 Security Vulnerabilities
This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-07-01
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later
CVSS Score
7.7
EPSS Score
0.012
Published
2021-06-03
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
7.2
EPSS Score
0.759
Published
2018-07-17
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.658
Published
2018-07-17
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.391
Published
2018-07-17
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.241
Published
2018-07-17
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS Score
8.8
EPSS Score
0.624
Published
2018-07-17