Cross-site Scripting Vulnerability in QNAP NAS Media Streaming Application
CVE-2017-7634
6.1MEDIUM
Summary
A cross-site scripting (XSS) vulnerability exists in QNAP's NAS Media Streaming add-on, allowing remote attackers to inject arbitrary web scripts or HTML. The vulnerability affects specific versions of the add-on, enabling attackers to execute the injected code through a specially crafted link, posing significant risks to user data and system integrity.
Affected Version(s)
QNAP Media Streaming Add-On 421.1.0.2, 430.1.2.0, and earlier
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved