Cross-Site Scripting Vulnerability in Music Station by QNAP
CVE-2019-7185
4.8MEDIUM
Key Information:
- Vendor
Qnap
- Vendor
- CVE Published:
- 5 December 2019
What is CVE-2019-7185?
A vulnerability in QNAP's Music Station allows remote attackers to perform cross-site scripting (XSS) attacks through the administrator’s management console. By injecting malicious scripts, attackers can execute arbitrary code, potentially compromising the system. QNAP recommends updating Music Station to the latest version to mitigate this risk effectively.
Affected Version(s)
QNAP NAS devices running Music Station QTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6 - QTS 4.4.0: Music Station before version 5.2.7, QTS 4.3.0 - QTS 4.3.4: Music Station before version 5.1.11