Cross-site Scripting Vulnerability in QNAP NAS Media Streaming Application
CVE-2017-7634

6.1MEDIUM

Key Information:

Vendor
Qnap
Vendor
CVE Published:
8 March 2018

Summary

A cross-site scripting (XSS) vulnerability exists in QNAP's NAS Media Streaming add-on, allowing remote attackers to inject arbitrary web scripts or HTML. The vulnerability affects specific versions of the add-on, enabling attackers to execute the injected code through a specially crafted link, posing significant risks to user data and system integrity.

Affected Version(s)

QNAP Media Streaming Add-On 421.1.0.2, 430.1.2.0, and earlier

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.