CVE-2021-38675 MEDIUM

CVE-2021-38675: Stored XSS Vulnerability in Image2PDF

Vendor Qnap Systems Inc.
Product Image2PDF
Weakness CWE-79 · XSS
Published October 1, 2021
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later

Key dates

02Disclosure timeline

October 1, 2021 CVE published
September 16, 2024 Record updated