CVE-2021-38675: Stored XSS Vulnerability in Image2PDF
First published: Fri Oct 01 2021(Updated: )
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap Image2pdf | <2.1.5 | |
| QNAP NAS |
Remedy
We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38675?
CVE-2021-38675 is a cross-site scripting (XSS) vulnerability that affects QNAP devices running Image2PDF.
What is the severity of CVE-2021-38675?
CVE-2021-38675 has a severity rating of 5.4 (medium).
How does CVE-2021-38675 affect QNAP devices?
CVE-2021-38675 allows remote attackers to inject malicious code into QNAP devices running Image2PDF.
Has CVE-2021-38675 been fixed?
Yes, CVE-2021-38675 has been fixed in Image2PDF version 2.1.5 (released on 2021/08/17).
Where can I find more information about CVE-2021-38675?
You can find more information about CVE-2021-38675 in the QNAP security advisory QSA-21-43.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/title
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap image2pdf
- canonical/qnap nas