Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2017-13072

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.

  • Published: Jun 21, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-13072
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
qnap / qts 4.3.3 4.3.3.x
qnap / qts 4.3.4 4.3.4.x
qnap / qts 4.2.6 4.2.6.x