{"containers": {"cna": {"affected": [{"product": "QNAP NAS devices running Video Station", "vendor": "n/a", "versions": [{"status": "affected", "version": "QTS 4.4.1: Video Station before version 5.4.3, QTS 4.3.4 - QTS 4.4.0: Video Station before version 5.3.10"}]}], "descriptions": [{"lang": "en", "value": "This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions."}], "problemTypes": [{"descriptions": [{"description": "Cross-site Scripting (XSS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-05T16:45:14.000Z", "orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@qnap.com", "ID": "CVE-2019-7184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "QNAP NAS devices running Video Station", "version": {"version_data": [{"version_value": "QTS 4.4.1: Video Station before version 5.4.3, QTS 4.3.4 - QTS 4.4.0: Video Station before version 5.3.10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27", "refsource": "CONFIRM", "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:38:33.496Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27"}]}]}, "cveMetadata": {"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2019-7184", "datePublished": "2019-12-05T16:45:14.000Z", "dateReserved": "2019-01-29T00:00:00.000Z", "dateUpdated": "2024-08-04T20:38:33.496Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7773147-4835-4F95-A72A-E4758F457671", "versionEndExcluding": "5.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "47B6D38A-D7C9-4D55-921C-488D56C43F25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "10F9A133-6D50-4EE9-80CE-7EE9555892FA", "versionEndExcluding": "5.3.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD20D15E-C474-48FC-9A84-12CD6AF01F1F", "versionEndIncluding": "4.4.0", "versionStartIncluding": "4.3.4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions."}, {"lang": "es", "value": "Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Video Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administraci\u00f3n del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Video Station a sus \u00faltimas versiones."}], "id": "CVE-2019-7184", "lastModified": "2024-11-21T04:47:44.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-05T17:15:12.810", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}