CVE-2021-28807
Summary
| CVE | CVE-2021-28807 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-03 03:15:00 UTC |
| Updated | 2021-09-14 14:30:00 UTC |
| Description | A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later; QTS 4.3.6: Q’center v1.10.1004 and later; QTS 4.3.3: Q’center v1.10.1004 and later; QuTS hero h4.5.2: Q’center v1.12.1012 and later; QuTScloud c4.5.4: Q’center v1.12.1012 and later |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Qnap | Qts | 4.3.3 | All | All | All |
| Operating System | Qnap | Qts | 4.3.6 | All | All | All |
| Operating System | Qnap | Qts | 4.5.3 | All | All | All |
| Operating System | Qnap | Qutscloud | c4.5.4 | All | All | All |
| Operating System | Qnap | Quts Hero | h4.5.2 | All | All | All |
| Application | Qnap | Qcenter | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Shielder - QNAP Q'center Virtual Appliance < 1.12.1014 Stored XSS | MISC | www.shielder.it | |
| Post-Authentication Reflected XSS Vulnerability in Q'center - Security Advisory \| QNAP | MISC | www.qnap.com | |
| Shielder - QNAP Q'center Post-Auth Remote Code Execution via QPKG | MISC | www.shielder.it | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Andrea Cappa
There are currently no legacy QID mappings associated with this CVE.