QuTScloud Cross-Site Scripting Vulnerability

CVE-2023-32969

4.9MEDIUM

Key Information

Vendor: QNAP
Status: Qutscloud; Qts; Quts Hero
Vendor: CVE Published:; 8 March 2024

Summary

A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later

Affected Version(s)

QuTScloud < c5.x.x

QTS < 5.1.4.2596 build 20231128

QuTS hero < h5.1.x

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 8, 2024
Vulnerability Reserved.
May 16, 2023

Collectors

NVD DatabaseMitre Database

Credit

Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC