CVE-2020-36194 MEDIUM

CVE-2020-36194: XSS Vulnerability in QTS and QuTS heroCommand Injection Vulnerabilities in QTS and QuTS hero

Vendor Qnap Systems Inc.
Product QTS
Weakness CWE-79 · XSS
Published July 1, 2021
Last update September 17, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3.

Key dates

02Disclosure timeline

July 1, 2021 CVE published
September 17, 2024 Record updated