Vulnerabilities > Qnap > QTS

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-2495 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2019-7198 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2
2020-10-28 CVE-2018-19953 Cross-site Scripting vulnerability in Qnap QTS
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.
network
low complexity
qnap CWE-79
6.1
6.1
2020-10-28 CVE-2018-19949 Command Injection vulnerability in Qnap QTS
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2020-10-28 CVE-2018-19943 Cross-site Scripting vulnerability in Qnap QTS
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.
network
low complexity
qnap CWE-79
5.4
5.4
2019-12-05 CVE-2019-7193 Improper Input Validation vulnerability in Qnap QTS
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system.
network
low complexity
qnap CWE-20
critical
 9.8
9.8
2019-12-05 CVE-2019-7183 Link Following vulnerability in Qnap QTS
This improper link resolution vulnerability allows remote attackers to access system files.
network
low complexity
qnap CWE-59
critical
 9.8
9.8
2019-12-04 CVE-2019-7197 Cross-site Scripting vulnerability in Qnap QTS
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS.
network
low complexity
qnap CWE-79
4.8
4.8