Home

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later

PUBLISHED Reserved 2025-10-24 | Published 2026-01-02 | Updated 2026-01-05 | Assigner qnap




LOW: 2.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U

Problem types

CWE-79

Product status

Default status
unaffected

2.x (custom) before 2.8.1
affected

Credits

Tim Coen finder

References

www.qnap.com/en/security-advisory/qsa-25-49

cve.org (CVE-2025-62857)

nvd.nist.gov (CVE-2025-62857)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.