CyberSec.Space Logo
Back to CVE Browser

CVE-2018-19943

Known Exploited (CISA KEV)HIGH
8.0
CVSS Severity Score
EPSS Score58.2420%
EPSS Percentile94.11th
PublishedOct 28, 2020
Last ModifiedNov 3, 2025

Vulnerability Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Affected Platforms (CPE)

πŸ’»
Qnap

Qts

< 4.2.6
πŸ’»
Qnap

Qts

>= 4.3.1.0013 and < 4.3.3.1252
πŸ’»
Qnap

Qts

>= 4.3.4 and < 4.3.4.1282
πŸ’»
Qnap

Qts

>= 4.3.6 and < 4.3.6.1263
πŸ’»
Qnap

Qts

>= 4.4.0 and < 4.4.1.1261
πŸ’»
Qnap

Qts

>= 4.4.2 and < 4.4.2.1270
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6
πŸ’»
Qnap

Qts

= 4.2.6

References & Advisories

πŸ”— https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
πŸ”— https://www.qnap.com/zh-tw/security-advisory/qsa-20-01
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19943

Related Vulnerabilities

CVE-2017-787610.0

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2018-07309.8

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulne...

CVE-2018-199499.8

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed ...