Vulnerabilities > Qnap > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-03 | CVE-2021-28806 | Cross-site Scripting vulnerability in Qnap QTS A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. | 3.5 |
| 2020-12-24 | CVE-2020-2503 | Cross-site Scripting vulnerability in Qnap QES 2.1.1 If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. | 3.5 |
| 2020-12-24 | CVE-2020-2505 | Information Exposure Through an Error Message vulnerability in Qnap QES 2.1.1 If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. | 2.1 |
| 2020-10-28 | CVE-2018-19943 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 3.5 |
| 2019-12-04 | CVE-2019-7197 | Cross-site Scripting vulnerability in Qnap QTS A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. | 3.5 |
| 2014-08-25 | CVE-2014-5457 | Permissions, Privileges, and Access Controls vulnerability in Qnap products QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. | 2.1 |