Vulnerabilities > CVE-2021-38681 - Unspecified vulnerability in Qnap Ragic Cloud DB

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
qnap

Summary

A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.