Vulnerabilities > Qnap > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-03-27 | CVE-2017-7632 | Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3 | Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | network, low complexity, qnap, CWE-79 | 6.1 |
| 2018-03-27 | CVE-2017-7631 | Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3 | Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | network, low complexity, qnap, CWE-79 | 6.1 |
| 2018-03-27 | CVE-2017-7630 | Information Exposure vulnerability in Qnap QTS 4.2.6/4.3.3 | QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. | network, low complexity, qnap, CWE-200 | 5.3 |
| 2018-03-08 | CVE-2017-7638 | Improper Authentication vulnerability in Qnap Media Streaming Add-On | QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. | network, low complexity, qnap, CWE-287 | 6.5 |
| 2018-03-08 | CVE-2017-7634 | Cross-site Scripting vulnerability in Qnap Media Streaming Add-On | Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. | network, low complexity, qnap, CWE-79 | 6.1 |
| 2016-07-03 | CVE-2015-5664 | Cross-site Scripting vulnerability in Qnap QTS | Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, low complexity, qnap, CWE-79 | 6.1 |
| 2009-09-21 | CVE-2009-3278 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware | The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | local, low complexity, qnap, CWE-338 | 5.5 |