Home

Description

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later

PUBLISHED Reserved 2023-01-11 | Published 2024-12-19 | Updated 2024-12-24 | Assigner qnap




HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-79

Product status

Default status
unaffected

1.5.x.x (custom) before 1.5.0.738 ( 2023/03/06 )
affected

1.4.x.x (custom) before 1.4.1.691 ( 2023/03/01 )
affected

1.3.x.x (custom) before 1.3.1.645 ( 2023/02/22 )
affected

Credits

Kaibro finder

References

www.qnap.com/en/security-advisory/qsa-23-13

cve.org (CVE-2023-23354)

nvd.nist.gov (CVE-2023-23354)

Download JSON