Stored XSS Vulnerability in QuLog Center
CVE-2020-36196

6.1MEDIUM

Key Information:

Vendor: QNAP
Status: Qulog Center
Vendor: CVE Published:; 1 July 2021

What is CVE-2020-36196?

A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.

Affected Version(s)

QuLog Center < 1.2.0

References

https://www.qnap.com/zh-tw/security-advisory/qsa-21-30

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2021
Vulnerability Reserved
Jan 19, 2021

Credit

Jan Hoff