Vulnerabilities > Qnap > QTS > 4.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-17 | CVE-2020-2509 | Command Injection vulnerability in Qnap QTS A command injection vulnerability has been reported to affect QTS and QuTS hero. | 9.8 |
| 2021-04-16 | CVE-2018-19942 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. | 4.3 |
| 2020-12-10 | CVE-2020-2498 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. | 6.1 |
| 2020-12-10 | CVE-2020-2497 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. | 4.3 |
| 2020-12-10 | CVE-2020-2496 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. | 4.3 |
| 2020-12-10 | CVE-2020-2495 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. | 4.3 |
| 2020-12-10 | CVE-2019-7198 | Command Injection vulnerability in Qnap QTS and Quts Hero This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. | 7.5 |
| 2020-11-02 | CVE-2018-19952 | SQL Injection vulnerability in Qnap Music Station If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. | 5.0 |
| 2019-12-04 | CVE-2019-7197 | Cross-site Scripting vulnerability in Qnap QTS A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. | 3.5 |
| 2019-12-04 | CVE-2018-0729 | Command Injection vulnerability in Qnap Music Station This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. | 7.5 |