QNAP Helpdesk

Helpdesk XSS via Network Admin Auth in versions <3.3.1
CVE-2024-27125 4.8 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later

XSS

An improper access control vulnerability has been reported to affect QNAP NAS
CVE-2021-28814 8.8 - High - June 11, 2021

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.

The vulnerability have been reported to affect earlier versions of QTS
CVE-2020-2506 7.3 - High - February 03, 2021

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Authorization

The vulnerability have been reported to affect earlier versions of QTS
CVE-2020-2507 9.8 - Critical - February 03, 2021

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Shell injection

QNAP has already patched this vulnerability
CVE-2017-13068 - October 06, 2017

QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.