CVE-2019-7197: XSS
First published: Wed Dec 04 2019(Updated: )
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | =4.2.6 | |
| QNAP QTS | =4.3.3 | |
| QNAP QTS | =4.3.4 | |
| QNAP QTS | =4.3.6 | |
| QNAP QTS | =4.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-7197?
The severity of CVE-2019-7197 is high due to its potential to allow stored XSS attacks on the administrator console.
How do I fix CVE-2019-7197?
To fix CVE-2019-7197, you should update QTS to the latest version recommended by QNAP.
Which versions of QTS are affected by CVE-2019-7197?
CVE-2019-7197 affects QTS versions 4.2.6, 4.3.3, 4.3.4, 4.3.6, and 4.4.1.
What type of vulnerability is CVE-2019-7197?
CVE-2019-7197 is a stored cross-site scripting (XSS) vulnerability.
What can an attacker do with CVE-2019-7197?
An attacker can exploit CVE-2019-7197 to inject and execute scripts on the administrator console.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/qnap
- canonical/qnap qts
- version/qnap qts/4.2.6
- version/qnap qts/4.3.3
- version/qnap qts/4.3.4
- version/qnap qts/4.3.6
- version/qnap qts/4.4.1