CVE-2021-38681

Name of the Vulnerable Software and Affected Versions QNAP NAS running Ragic Cloud DB (affected versions not specified)

Description A reflected cross-site scripting (XSS) vulnerability has been reported, allowing remote attackers to inject malicious code if exploited. The vulnerability exists due to inadequate protection of the web page structure. QNAP has disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.