Vulnerabilities > Qnap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-04 | CVE-2019-7197 | Cross-site Scripting vulnerability in Qnap QTS A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. | 4.8 |
| 2018-12-26 | CVE-2018-0724 | Cross-site Scripting vulnerability in Qnap Q'Center Virtual Appliance 1.8.1014 Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723. | 6.1 |
| 2018-12-26 | CVE-2018-0723 | Cross-site Scripting vulnerability in Qnap Q'Center Virtual Appliance 1.8.1014 Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724. | 6.1 |
| 2018-11-30 | CVE-2018-0716 | Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. | 6.1 |
| 2018-08-27 | CVE-2018-0715 | Cross-site Scripting vulnerability in Qnap Photo Station Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application. | 6.1 |
| 2018-06-21 | CVE-2017-13072 | Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4 Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. | 6.1 |
| 2018-06-05 | CVE-2017-7639 | Improper Authentication vulnerability in Qnap NAS Proxy Server QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. | 5.3 |
| 2018-06-05 | CVE-2017-7636 | Cross-site Scripting vulnerability in Qnap NAS Proxy Server Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2018-04-30 | CVE-2018-0711 | Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2018-04-23 | CVE-2017-13073 | Cross-site Scripting vulnerability in Qnap Photo Station Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | 6.1 |