Cross-Site Scripting Vulnerability in QNAP NAS Proxy Server
CVE-2017-7636

6.1MEDIUM

Key Information:

Vendor: Qnap
Status: Nas Proxy Server
Vendor: CVE Published:; 5 June 2018

Summary

The Proxy Server application on QNAP NAS devices up to version 1.2.0 is susceptible to a cross-site scripting vulnerability. This flaw enables remote attackers to inject arbitrary web scripts or HTML into web pages viewed by users, potentially compromising user accounts and enabling further malicious actions. Users are advised to upgrade to a patched version and follow best security practices.

References

https://www.qnap.com/en/security-advisory/nas-201806-01

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041025

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 5, 2018
Vulnerability Reserved
Apr 10, 2017