CVE-2021-44053

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later

Published: May 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44053
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
qnap / quts_hero	-	h4.5.4.1771
qnap / qts	5.0.0.1716	5.0.0.1986
qnap / qts	4.4.0.0883	4.5.4.1991
qnap / qts	4.3.6.0895	4.3.6.1965
qnap / qts	4.3.4.0899	4.3.4.1976
qnap / qts	4.3.3.0174	4.3.3.1945
qnap / qts	4.2.6-build_20170517	4.2.6-build_20170517.x
qnap / qts	4.2.6-build_20190322	4.2.6-build_20190322.x
qnap / qts	4.2.6-build_20190730	4.2.6-build_20190730.x
qnap / qts	4.2.6-build_20190921	4.2.6-build_20190921.x
qnap / qts	4.2.6-build_20191107	4.2.6-build_20191107.x
qnap / qts	4.2.6-build_20200109	4.2.6-build_20200109.x
qnap / qts	4.2.6-build_20200421	4.2.6-build_20200421.x
qnap / qts	4.2.6-build_20200611	4.2.6-build_20200611.x
qnap / qts	4.2.6-build_20200821	4.2.6-build_20200821.x
qnap / qts	4.2.6-build_20210327	4.2.6-build_20210327.x
qnap / qts	4.2.6-build_20211215	4.2.6-build_20211215.x
qnap / quts_hero	h5.0.0.1772	h5.0.0.1986
qnap / qutscloud	-	c5.0.1.1998

https://www.qnap.com/en/security-advisory/qsa-22-16

Vulnerability Database

289,697

CVE-2021-44053