Vulnerabilities > Qnap > QTS > 4.3.4.0526
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-10 | CVE-2019-7198 | Command Injection vulnerability in Qnap QTS and Quts Hero This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. | 7.5 |
| 2020-11-16 | CVE-2020-2492 | Command Injection vulnerability in Qnap QTS If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. | 6.5 |
| 2020-11-16 | CVE-2020-2490 | Command Injection vulnerability in Qnap QTS If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. | 6.5 |
| 2020-10-28 | CVE-2018-19953 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 4.3 |
| 2020-10-28 | CVE-2018-19949 | Command Injection vulnerability in Qnap QTS If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 7.5 |
| 2020-10-28 | CVE-2018-19943 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 3.5 |
| 2018-04-30 | CVE-2018-0711 | Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | 4.3 |