Vulnerabilities > Qnap > QTS > 4.3.6.2441

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-2497 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2020-2496 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2020-2495 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2019-7198 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2