Cross-Site Scripting Vulnerability in License Center by QNAP
CVE-2024-50406

2LOW

Key Information:

Vendor: QNAP
Status: License Center
Vendor: CVE Published:; 6 June 2025

What is CVE-2024-50406?

A cross-site scripting (XSS) vulnerability in License Center may allow remote attackers, who have obtained user access, to bypass security mechanisms or access sensitive application data. Users are urged to update to License Center version 1.9.49 or later to mitigate this risk. For more details, please refer to QNAP's security advisory.

Affected Version(s)

License Center 1.9.x < 1.9.49

References

https://www.qnap.com/en/security-advisory/qsa-25-11

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Oct 24, 2024

Credit

Searat and izut

JSON