Cross-Site Scripting Vulnerability in Music Station by QNAP
CVE-2019-7185

4.8MEDIUM

Key Information:

Vendor: Qnap
Status: Qnap Nas Devices Running Music Station
Vendor: CVE Published:; 5 December 2019

Summary

A vulnerability in QNAP's Music Station allows remote attackers to perform cross-site scripting (XSS) attacks through the administrator’s management console. By injecting malicious scripts, attackers can execute arbitrary code, potentially compromising the system. QNAP recommends updating Music Station to the latest version to mitigate this risk effectively.

Affected Version(s)

QNAP NAS devices running Music Station QTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6 - QTS 4.4.0: Music Station before version 5.2.7, QTS 4.3.0 - QTS 4.3.4: Music Station before version 5.1.11

References

https://www.qnap.com/zh-tw/security-advisory/nas-201911-27

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 5, 2019
Vulnerability Reserved
Jan 29, 2019