Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Image2PDF by QNAP Systems Inc.
CVE-2021-38675 (GCVE-0-2021-38675)
Vulnerability from nvd – Published: 2021-10-01 02:50 – Updated: 2024-09-16 20:26
VLAI
Title
Stored XSS Vulnerability in Image2PDF
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later
Severity
5.4 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-43 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Image2PDF |
Affected:
unspecified , < 2.1.5 ( 2021/08/17 )
(custom)
|
Date Public
2021-10-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:19.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Image2PDF",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.1.5 ( 2021/08/17 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2021-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:50:20.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-43"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Image2PDF:\nImage2PDF 2.1.5 ( 2021/08/17 ) and later"
}
],
"source": {
"advisory": "QSA-21-43",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Image2PDF",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-10-01T10:26:00.000Z",
"ID": "CVE-2021-38675",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Image2PDF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Image2PDF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.5 ( 2021/08/17 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-43",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-43"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Image2PDF:\nImage2PDF 2.1.5 ( 2021/08/17 ) and later"
}
],
"source": {
"advisory": "QSA-21-43",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-38675",
"datePublished": "2021-10-01T02:50:20.876Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:41.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38675 (GCVE-0-2021-38675)
Vulnerability from cvelistv5 – Published: 2021-10-01 02:50 – Updated: 2024-09-16 20:26
VLAI
Title
Stored XSS Vulnerability in Image2PDF
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later
Severity
5.4 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-43 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Image2PDF |
Affected:
unspecified , < 2.1.5 ( 2021/08/17 )
(custom)
|
Date Public
2021-10-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:19.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Image2PDF",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.1.5 ( 2021/08/17 )",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tony Martin, a security researcher"
}
],
"datePublic": "2021-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:50:20.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-21-43"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Image2PDF:\nImage2PDF 2.1.5 ( 2021/08/17 ) and later"
}
],
"source": {
"advisory": "QSA-21-43",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Image2PDF",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-10-01T10:26:00.000Z",
"ID": "CVE-2021-38675",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Image2PDF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Image2PDF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.5 ( 2021/08/17 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-21-43",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-43"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of Image2PDF:\nImage2PDF 2.1.5 ( 2021/08/17 ) and later"
}
],
"source": {
"advisory": "QSA-21-43",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-38675",
"datePublished": "2021-10-01T02:50:20.876Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:41.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}