CVE-2020-2494

Medium

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this…

qnap·CWE-79·Published 2020-12-10

CVSS

6.1

EPSS

0.01

KEV

Exploits

cve.orgen

326 chars

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later

NVDen

326 chars

NVDes

406 chars

Esta vulnerabilidad de tipo cross-site scripting en Music Station permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Music Station. QuTS hero versión h4.5.1: Music Station versión 5.3.13 y posterior, QTS versión 4.5.1: Music Station versión 5.3.12 y posterior, QTS versión 4.4.3: Music Station versión 5.3.12 y posterior

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N