Cross-Site Scripting Vulnerability in QNAP Operating Systems

CVE-2023-23354

7.3 HIGH

Key Information

Vendor
QNAP
Status
Qulog Center
Vendor
CVE Published:
19 December 2024

Summary

CVE-2023-23354 describes a high-severity cross-site scripting (XSS) vulnerability present in several versions of QNAP's QuLog Center. This flaw allows remote attackers who have gained user access to bypass essential security measures and potentially read sensitive application data. Since the vulnerability may be exploited via malicious scripts, it poses a significant threat to user security and privacy. QNAP has released patches in versions QuLog Center 1.5.0.738 and later, QuLog Center 1.4.1.691 and later, and QuLog Center 1.3.1.645 and later to mitigate these risks. Users are strongly advised to upgrade to the latest versions to ensure their systems are secure.

Affected Version(s)

QuLog Center < 1.5.0.738 ( 2023/03/06 )

QuLog Center < 1.4.1.691 ( 2023/03/01 )

QuLog Center < 1.3.1.645 ( 2023/02/22 )

References

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

Kaibro