Vulnerabilities > Qnap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2018-19954 | Cross-site Scripting vulnerability in Qnap Photo Station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. | 6.1 |
| 2020-11-02 | CVE-2018-19951 | Cross-site Scripting vulnerability in Qnap Music Station If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 6.1 |
| 2020-10-28 | CVE-2018-19953 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 6.1 |
| 2020-10-28 | CVE-2018-19943 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 5.4 |
| 2020-09-11 | CVE-2018-19948 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of Helpdesk. | 6.5 |
| 2020-09-11 | CVE-2018-19947 | Information Exposure Through an Error Message vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of Helpdesk. | 6.5 |
| 2020-09-11 | CVE-2018-19946 | Improper Certificate Validation vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of Helpdesk. | 5.9 |
| 2020-07-01 | CVE-2020-2500 | Use of Hard-coded Credentials vulnerability in Qnap Helpdesk This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. | 6.5 |
| 2019-12-05 | CVE-2019-7185 | Cross-site Scripting vulnerability in Qnap Music Station This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. | 4.8 |
| 2019-12-05 | CVE-2019-7184 | Cross-site Scripting vulnerability in Qnap Video Station This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. | 4.8 |