CVE-2018-19942

MEDIUM | CVSS 6.1/10 | EPSS 0.75%

CVE-2018-19942 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. EPSS estimates a 0.75% chance of exploitation in the next 30 days.

Description

A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions:

QTS 4.5.2.1566 build 20210202 (and later)
QTS 4.5.1.1456 build 20201015 (and later)
QTS 4.3.6.1446 build 20200929 (and later)
QTS 4.3.4.1463 build 20201006 (and later)
QTS 4.3.3.1432 build 20201006 (and later)
QTS 4.2.6 build 20210327 (and later)
QuTS hero h4.5.1.1472 build 20201031 (and later)
QuTScloud c4.5.4.1601 build 20210309 (and later)
QuTScloud c4.5.3.1454 build 20201013 (and later)

Metrics

CVSS 3.1
6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.75%

50.1th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

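| Vendor | Product | Versions |
|--------|---------|----------|
| Qnap | Qts | < 4.2.6 |
| Qnap | Qts | >= 4.3.5, < 4.3.6 |
| Qnap | Qts | >= 4.4.0, < 4.5.1 |
| Qnap | Qts | 4.2.6 |
| Qnap | Qts | 4.3.3 |
| Qnap | Qts | 4.3.3.0095 |
| Qnap | Qts | 4.3.3.0096 |
| Qnap | Qts | 4.3.3.0136 |
| Qnap | Qts | 4.3.3.0154 |
| Qnap | Qts | 4.3.3.0174 |
| Qnap | Qts | 4.3.3.0188 |
| Qnap | Qts | 4.3.3.0210 |
| Qnap | Qts | 4.3.3.0229 |
| Qnap | Qts | 4.3.3.0238 |
| Qnap | Qts | 4.3.3.0262 |
| Qnap | Qts | 4.3.3.0299 |
| Qnap | Qts | 4.3.3.0351 |
| Qnap | Qts | 4.3.3.0353 |
| Qnap | Qts | 4.3.3.0361 |
| Qnap | Qts | 4.3.3.0369 |
| Qnap | Qts | 4.3.3.0378 |
| Qnap | Qts | 4.3.3.0396 |
| Qnap | Qts | 4.3.3.0404 |
| Qnap | Qts | 4.3.3.0416 |
| Qnap | Qts | 4.3.3.0418 |
| Qnap | Qts | 4.3.3.0448 |
| Qnap | Qts | 4.3.3.0514 |
| Qnap | Qts | 4.3.3.0546 |
| Qnap | Qts | 4.3.3.0570 |
| Qnap | Qts | 4.3.3.0868 |
| Qnap | Qts | 4.3.3.0998 |
| Qnap | Qts | 4.3.3.1051 |
| Qnap | Qts | 4.3.3.1098 |
| Qnap | Qts | 4.3.3.1161 |
| Qnap | Qts | 4.3.3.1252 |
| Qnap | Qts | 4.3.3.1315 |
| Qnap | Qts | 4.3.3.1386 |
| Qnap | Qts | 4.3.4 |
| Qnap | Qts | 4.3.4.0358 |
| Qnap | Qts | 4.3.4.0370 |
| Qnap | Qts | 4.3.4.0372 |
| Qnap | Qts | 4.3.4.0374 |
| Qnap | Qts | 4.3.4.0387 |
| Qnap | Qts | 4.3.4.0411 |
| Qnap | Qts | 4.3.4.0416 |
| Qnap | Qts | 4.3.4.0427 |
| Qnap | Qts | 4.3.4.0434 |
| Qnap | Qts | 4.3.4.0435 |
| Qnap | Qts | 4.3.4.0451 |
| Qnap | Qts | 4.3.4.0483 |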

Showing 50 of 92 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2018-19942?
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions:

QTS 4.5.2.1566 build 20210202 (and later)
QTS 4.5.1.1456 build 20201015 (and later)
QTS 4.3.6.1446 build 20200929 (and later)
QTS 4.3.4.1463 build 20201006 (and later)
QTS 4.3.3.1432 build 20201006 (and later)
QTS 4.2.6 build 20210327 (and later)
QuTS hero h4.5.1.1472 build 20201031 (and later)
QuTScloud c4.5.4.1601 build 20210309 (and later)
QuTScloud c4.5.3.1454 build 20201013 (and later)

How severe is CVE-2018-19942?
CVE-2018-19942 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.75% probability of exploitation in the next 30 days.
How do I fix CVE-2018-19942?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST