CVE-2018-19943 is a vulnerability in Qnap Qts
Published on October 28, 2020
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions:
- QTS 4.4.2.1270 build 20200410 and later
- QTS 4.4.1.1261 build 20200330 and later
- QTS 4.3.6.1263 build 20200330 and later
- QTS 4.3.4.1282 build 20200408 and later
- QTS 4.3.3.1252 build 20200409 and later
- QTS 4.2.6 build 20200421 and later
Known Exploited Vulnerability
This QNAP NAS File Station Cross-Site Scripting Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
The following remediation steps are recommended / required by June 14, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2018-19943 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2018-19943 has been classified as an XSS vulnerability or weakness.
Products Associated with CVE-2018-19943
What versions of Qts are vulnerable to CVE-2018-19943?
- Qnap Qts Version 4.4.2 Fixed in Version 4.4.2.1270
- Qnap Qts Version 4.4.0 Fixed in Version 4.4.1.1261
- Qnap Qts Version 4.3.6 Fixed in Version 4.3.6.1263
- Qnap Qts Version 4.3.4 Fixed in Version 4.3.4.1282
- Qnap Qts Version 4.3.1.0013 Fixed in Version 4.3.3.1252
- Qnap Qts Version 4.2.6 -
- Qnap Qts Version 4.2.6 build_20170517
- Qnap Qts Version 4.2.6 build_20190322
- Qnap Qts Version 4.2.6 build_20190730
- Qnap Qts Version 4.2.6 build_20190921
- Qnap Qts Version 4.2.6 build_20191107
- Qnap Qts Version 4.2.6 build_20200109
- Qnap Qts Version 4.2.6 build_20200421
- Qnap Qts Version 4.2.6 build_20200611
- Qnap Qts Version 4.2.6 build_20200821
- Qnap Qts Fixed in Version 4.2.6