5.0.5

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-06	CVE-2023-45038	Improper Authentication vulnerability in Qnap Music Station An improper authentication vulnerability has been reported to affect Music Station. network low complexity qnap CWE-287	8.8
2021-05-13	CVE-2020-36197	Unspecified vulnerability in Qnap Music Station An improper access control vulnerability has been reported to affect earlier versions of Music Station. low complexity qnap	8.8
2020-12-10	CVE-2020-2494	Cross-site Scripting vulnerability in Qnap Music Station This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. network low complexity qnap CWE-79	6.1
2020-11-02	CVE-2018-19952	SQL Injection vulnerability in Qnap Music Station If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. network low complexity qnap CWE-89	7.5
2020-11-02	CVE-2018-19951	Cross-site Scripting vulnerability in Qnap Music Station If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. network low complexity qnap CWE-79	6.1
2020-11-02	CVE-2018-19950	Command Injection vulnerability in Qnap Music Station If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. network low complexity qnap CWE-77 critical	9.8
2019-12-05	CVE-2019-7185	Cross-site Scripting vulnerability in Qnap Music Station This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. network low complexity qnap CWE-79	4.8
2019-12-04	CVE-2018-0729	Command Injection vulnerability in Qnap Music Station This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. network low complexity qnap CWE-77 critical	9.8
2018-09-14	CVE-2018-0718	Command Injection vulnerability in Qnap Music Station Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. network low complexity qnap CWE-77 critical	9.8
2017-10-06	CVE-2017-13069	Command Injection vulnerability in Qnap Music Station QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. network low complexity qnap CWE-77 critical	9.8