Back to KEVs

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 07, 2018
Published Date: October 28, 2020
Last Updated: February 06, 2025
Vendor: QNAP Systems Inc.
Product: QTS
Description: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
Tags

CVSS Scores

CVSS v3.1

8.0 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-05-24 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-05-24 00:00:00 UTC) Source

References

https://www.qnap.com/zh-tw/security-advisory/qsa-20-01

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-05-24 00:00:00 UTC

Timeline

CVE ID Reserved

December 07, 2018
CVE Published to Public

October 28, 2020
Exploit Used in Malware

May 24, 2022
Added to KEVIntel

May 24, 2022