CVE-2020-2503

Medium

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP…

qnap·CWE-79·Published 2020-12-24

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

206 chars

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

NVDen

206 chars

NVDes

247 chars

Si se explota, esta vulnerabilidad de tipo cross-site scripting almacenado podría permitir a atacantes remotos inyectar código malicioso en File Station. QNAP ya ha corregido estos problemas en QES versiones 2.1.1 Build 20201006 y posteriores

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
3.1	Primary	cve.org	9.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H