CVE-2023-34977: XSS
First published: Fri Oct 13 2023(Updated: )
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
Credit: security@qnapsecurity.com.tw security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP Video Station | <2023.07.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-34977?
CVE-2023-34977 is a cross-site scripting (XSS) vulnerability that affects Video Station, a software developed by Qnap.
What is the severity of CVE-2023-34977?
The severity of CVE-2023-34977 is medium, with a CVSS score of 5.4.
How does CVE-2023-34977 affect Video Station?
CVE-2023-34977 allows authenticated users to inject malicious code into the Video Station network.
Which version of Video Station fixed CVE-2023-34977?
Video Station 5.7.0 (2023/07/27) and later versions have fixed the CVE-2023-34977 vulnerability.
Where can I find more information about CVE-2023-34977?
You can find more information about CVE-2023-34977 in the Qnap security advisory QSA-23-52.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/tags
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/qnap
- canonical/qnap video station