CVE-2020-36196 - Vulnerability Details - OpenCVE

Description

A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.

Published: 2021-07-01

Score: 6.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

QNAP Systems Inc.

QuLog Center

affected

Version	Status	Constraints
`unspecified`	affected	< 1.2.0

Configuration 1 [-]

cpe:2.3:a:qnap:qulog_center:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

QNAP have already fixed this vulnerability in the following versions: QuLog Center 1.2.0 and later

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-23760	A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00285.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qnap.com/zh-tw/security-advisory/qsa-21-30

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00474}`	epss `{'score': 0.00285}`

Subscriptions

Qnap Qulog Center

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2021-07-01T02:00:18.925Z

Updated: 2024-09-16T19:30:06.275Z

Reserved: 2021-01-19T00:00:00.000Z

Link: CVE-2020-36196

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-01T02:15:07.240

Modified: 2024-11-21T05:28:59.750

Link: CVE-2020-36196

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "QuLog Center", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "1.2.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jan Hoff"}], "datePublic": "2021-07-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-01T02:00:18.000Z", "orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"}], "solutions": [{"lang": "en", "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQuLog Center 1.2.0 and later"}], "source": {"advisory": "QSA-21-30", "discovery": "EXTERNAL"}, "title": "Stored XSS Vulnerability in QuLog Center", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@qnap.com", "DATE_PUBLIC": "2021-07-01T01:19:00.000Z", "ID": "CVE-2020-36196", "STATE": "PUBLIC", "TITLE": "Stored XSS Vulnerability in QuLog Center"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "QuLog Center", "version": {"version_data": [{"version_affected": "<", "version_value": "1.2.0"}]}}]}, "vendor_name": "QNAP Systems Inc."}]}}, "credit": [{"lang": "eng", "value": "Jan Hoff"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30", "refsource": "MISC", "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"}]}, "solution": [{"lang": "en", "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQuLog Center 1.2.0 and later"}], "source": {"advisory": "QSA-21-30", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:09.567Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"}]}]}, "cveMetadata": {"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "assignerShortName": "qnap", "cveId": "CVE-2020-36196", "datePublished": "2021-07-01T02:00:18.925Z", "dateReserved": "2021-01-19T00:00:00.000Z", "dateUpdated": "2024-09-16T19:30:06.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:qulog_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "42128AC9-6545-4F31-B4CC-D03A5B86E090", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."}, {"lang": "es", "value": "Se ha reportado de una vulnerabilidad de tipo XSS almacenado que afecta al NAS de QNAP que ejecuta QuLog Center. Si es explotada, esta vulnerabilidad permite a atacantes inyectar c\u00f3digo malicioso. Este problema afecta: QNAP Systems Inc. versiones de QuLog Center anteriores a 1.2.0"}], "id": "CVE-2020-36196", "lastModified": "2024-11-21T05:28:59.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-01T02:15:07.240", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}