CVE-2020-2503
MEDIUM WAF: High
CVSS 5.4
Published: 2020-12-24
CWE-79 CWE-79
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| qnap | qes | up to 2.1.1 |
| qnap | qes | 2.1.1 |
| qnap | qes | 2.1.1 |
| qnap | qes | 2.1.1 |
| qnap | qes | 2.1.1 |
| qnap | qes | 2.1.1 |
| qnap | qes | 2.1.1 |
| qnap | qes | 2.1.1 |
References
- www.qnap.com (Vendor Advisory)