Vulnerabilities > Qnap > QTS > 4.3.6.0993

DATE CVE VULNERABILITY TITLE RISK
2020-12-29 CVE-2020-25847 Command Injection vulnerability in Qnap QTS
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
6.5
6.5
2020-12-10 CVE-2020-2498 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2020-2497 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.
network
qnap CWE-79
4.3
4.3
2020-12-10 CVE-2020-2496 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
qnap CWE-79
4.3
4.3
2020-12-10 CVE-2020-2495 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
qnap CWE-79
4.3
4.3
2020-12-10 CVE-2019-7198 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
7.5
7.5
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
6.5
6.5
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
6.5
6.5
2020-10-28 CVE-2018-19953 Cross-site Scripting vulnerability in Qnap QTS
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.
network
qnap CWE-79
4.3
4.3
2020-10-28 CVE-2018-19949 Command Injection vulnerability in Qnap QTS
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.
network
low complexity
qnap CWE-77
7.5
7.5