PT-2020-5343 · Qnap · Qnap Qes

Published: 2020-12-23 · Updated: 2020-12-28 · CVE-2020-2503

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

QNAP QES versions prior to 2.1.1 Build 20201006

Description

This issue is related to a stored cross-site scripting vulnerability that could allow remote attackers to inject malicious code in File Station. The vulnerability is associated with the lack of protection measures for the web page structure, which could enable a remote attacker to perform a cross-site scripting attack.

Recommendations

For QNAP QES versions prior to 2.1.1 Build 20201006, update to QES 2.1.1 Build 20201006 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Station to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-00172
CVE-2020-2503

Affected Products

Qnap Qes