CVE-2021-38680: Reflected XSS in Kazoo Server
First published: Wed Dec 29 2021(Updated: )
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap Kazoo Server | <4.11.20 |
Remedy
We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the reported cross-site scripting (XSS) vulnerability affecting QNAP device running Kazoo Server?
The vulnerability ID is CVE-2021-38680.
What is the severity of CVE-2021-38680?
The severity of CVE-2021-38680 is medium, with a CVSS score of 6.1.
How does CVE-2021-38680 affect QNAP devices running Kazoo Server?
CVE-2021-38680 allows remote attackers to inject malicious code through cross-site scripting (XSS) attacks on QNAP devices running Kazoo Server.
Which versions of Kazoo Server have fixed CVE-2021-38680?
CVE-2021-38680 has been fixed in Kazoo Server version 4.11.20 and later.
Where can I find more information about CVE-2021-38680?
You can find more information about CVE-2021-38680 in the QNAP Security Advisory QSA-21-54 at https://www.qnap.com/en/security-advisory/qsa-21-54.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/tags
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap kazoo server