Cross-Site Scripting Vulnerability in QNAP Products

CVE-2023-23357

4.8 MEDIUM

Key Information

Vendor
QNAP
Status
QuLog Center
Vendor
CVE Published:
19 December 2024

Summary

CVE-2023-23357 describes a cross-site scripting (XSS) vulnerability affecting several versions of QNAP QuLog Center. Remote attackers with administrative access can exploit this flaw to bypass existing security mechanisms and potentially access sensitive application data. Users of affected versions should update to a release in which the vulnerability has been resolved. QNAP has fixed the issue in QuLog Center 1.5.0.738 (released on March 6, 2023), 1.4.1.691 (released on March 1, 2023), and 1.3.1.645 (released on February 22, 2023). For further details and assistance, refer to QNAP's security advisory.

Affected Version(s)

QuLog Center < 1.5.0.738 (2023/03/06)

QuLog Center < 1.4.1.691 (2023/03/01)

QuLog Center < 1.3.1.645 (2023/02/22)

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

Kaibro