Vulnerabilities > Qstar > Archive Storage Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-13 | CVE-2023-51062 | Missing Authentication for Critical Function vulnerability in Qstar Archive Storage Manager 30 An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | 5.3 |
| 2024-01-13 | CVE-2023-51064 | Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30 QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. | 6.1 |
| 2024-01-13 | CVE-2023-51067 | Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30 An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | 6.1 |
| 2024-01-13 | CVE-2023-51068 | Cross-site Scripting vulnerability in Qstar Archive Storage Manager 30 An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | 5.4 |
| 2024-01-13 | CVE-2023-51071 | Unspecified vulnerability in Qstar Archive Storage Manager 30 An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | 6.5 |