CVE-2025-62857 LOW

CVE-2025-62857: QuMagie

Vendor Qnap Systems Inc.

Product QuMagie

Weakness CWE-79 · XSS

Published January 2, 2026

Last update January 5, 2026

View on NVD All CVEs

CVSS base score

2.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later

Key dates

02Disclosure timeline

January 2, 2026 CVE published

January 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62857 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-42485 WordPress Gallery with thumbnail slider Plugin <= 6.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-3749 Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-13551 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-2391 Netgear SRX5308 Web Management Interface cross site scripting