Vulnerabilities > Qnap > QTS > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2021-38693 Path Traversal vulnerability in Qnap QTS and Qutscloud
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance.
network
low complexity
qnap CWE-22
5.3
2022-05-05 CVE-2021-44053 Cross-site Scripting vulnerability in Qnap Qts, Quts Hero and Qutscloud
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud.
network
low complexity
qnap CWE-79
6.1
2022-05-05 CVE-2021-44054 Open Redirect vulnerability in Qnap Qts, Quts Hero and Qutscloud
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS.
network
low complexity
qnap CWE-601
6.1
2022-01-07 CVE-2021-38674 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud.
network
low complexity
qnap CWE-79
6.1
2021-09-10 CVE-2018-19957 Improper Restriction of Rendered UI Layers or Frames vulnerability in Qnap Qts, Quts Hero and Qutscloud
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud.
network
low complexity
qnap CWE-1021
6.1
2021-07-01 CVE-2020-36194 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
low complexity
qnap CWE-79
6.1
2021-06-03 CVE-2021-28806 Unspecified vulnerability in Qnap QTS
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
low complexity
qnap
5.4
2021-04-16 CVE-2018-19942 Cross-site Scripting vulnerability in Qnap QTS
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station.
network
low complexity
qnap CWE-79
6.1
2020-12-10 CVE-2020-2498 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
network
low complexity
qnap CWE-79
6.1
2020-12-10 CVE-2020-2497 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.
network
low complexity
qnap CWE-79
6.1