Vulnerability Description
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Q\'Center | < 1.12.1012 |
| Qnap | Qts | 4.5.3 |
| Qnap | Quts Hero | h4.5.2 |
| Qnap | Qutscloud | c4.5.4 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-20Vendor Advisory
- https://www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-ExploitThird Party Advisory
- https://www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/ExploitThird Party Advisory
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-20Vendor Advisory
- https://www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-ExploitThird Party Advisory
- https://www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/ExploitThird Party Advisory
FAQ
What is CVE-2021-28807?
CVE-2021-28807 is a vulnerability with a CVSS score of 7.7 (HIGH). A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have al...
How severe is CVE-2021-28807?
CVE-2021-28807 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28807?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Q\'Center, Qnap Qts, Qnap Quts Hero, Qnap Qutscloud.