Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for QuLog Center by QNAP Systems Inc.

    CVE-2025-58469 (GCVE-0-2025-58469)

    Vulnerability from nvd – Published: 2025-11-07 15:08 – Updated: 2025-11-07 15:48
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.8.x.x , < 1.8.2.927 ( 2025/09/17 ) (custom)
    Create a notification for this product.
    Credits
    Tim Coen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T15:48:03.836693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T15:48:30.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.8.2.927 ( 2025/09/17 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tim Coen"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.927 ( 2025/09/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.\n\nWe have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.927 ( 2025/09/17 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T15:08:56.159Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-42"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.927 ( 2025/09/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.927 ( 2025/09/17 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-42",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2025-58469",
        "datePublished": "2025-11-07T15:08:56.159Z",
        "dateReserved": "2025-09-03T00:59:25.448Z",
        "dateUpdated": "2025-11-07T15:48:30.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54168 (GCVE-0-2025-54168)

    Vulnerability from nvd – Published: 2025-11-07 15:12 – Updated: 2025-11-07 15:57
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.923 ( 2025/08/27 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.8.x.x , < 1.8.2.923 ( 2025/08/27 ) (custom)
    Create a notification for this product.
    Credits
    Mohammad Abdullah - Infosec Researcher & Bugbounty hunter
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T15:49:41.496859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T15:57:21.137Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.8.2.923 ( 2025/08/27 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohammad Abdullah - Infosec Researcher \u0026 Bugbounty hunter"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.923 ( 2025/08/27 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.923 ( 2025/08/27 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T15:12:10.966Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-42"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.923 ( 2025/08/27 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.923 ( 2025/08/27 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-42",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2025-54168",
        "datePublished": "2025-11-07T15:12:10.966Z",
        "dateReserved": "2025-07-17T08:05:28.816Z",
        "dateUpdated": "2025-11-07T15:57:21.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-53696 (GCVE-0-2024-53696)

    Vulnerability from nvd – Published: 2025-03-07 16:13 – Updated: 2025-03-07 17:54
    VLAI
    Title
    QuLog Center
    Summary
    A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.7.x.x , < 1.7.0.829 ( 2024/10/01 ) (custom)
    Affected: 1.8.x.x , < 1.8.0.888 ( 2024/10/15 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. QTS Affected: 4.5.x , < 4.5.4.2957 build 20241119 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QuTS hero Affected: h4.5.x , < h4.5.4.2956 build 20241119 (custom)
    Create a notification for this product.
    Credits
    Aymen BORGI and Ibrahim AYADHI from RandoriSec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T17:54:00.666580Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T17:54:11.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.7.0.829 ( 2024/10/01 )",
                  "status": "affected",
                  "version": "1.7.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.0.888 ( 2024/10/15 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "4.5.4.2957 build 20241119",
                  "status": "affected",
                  "version": "4.5.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QuTS hero",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "h4.5.4.2956 build 20241119",
                  "status": "affected",
                  "version": "h4.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aymen BORGI and Ibrahim AYADHI from RandoriSec"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003eQTS 4.5.4.2957 build 20241119 and later\u003cbr\u003eQuTS hero h4.5.4.2956 build 20241119 and later\u003cbr\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-07T16:13:55.595Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-53"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003eQTS 4.5.4.2957 build 20241119 and later\u003cbr\u003eQuTS hero h4.5.4.2956 build 20241119 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-53",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-53696",
        "datePublished": "2025-03-07T16:13:55.595Z",
        "dateReserved": "2024-11-22T06:21:49.206Z",
        "dateUpdated": "2025-03-07T17:54:11.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23357 (GCVE-0-2023-23357)

    Vulnerability from nvd – Published: 2024-12-19 01:39 – Updated: 2024-12-24 00:41
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.5.x.x , < 1.5.0.738 ( 2023/03/06 ) (custom)
    Affected: 1.4.x.x , < 1.4.1.691 ( 2023/03/01 ) (custom)
    Affected: 1.3.x.x , < 1.3.1.645 ( 2023/02/22 ) (custom)
    Create a notification for this product.
    Credits
    Kaibro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-24T00:31:38.722886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-24T00:41:08.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.5.0.738 ( 2023/03/06 )",
                  "status": "affected",
                  "version": "1.5.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.1.691 ( 2023/03/01 )",
                  "status": "affected",
                  "version": "1.4.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.3.1.645 ( 2023/02/22 )",
                  "status": "affected",
                  "version": "1.3.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kaibro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T01:39:02.809Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-16"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-23-16",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-23357",
        "datePublished": "2024-12-19T01:39:02.809Z",
        "dateReserved": "2023-01-11T20:15:53.084Z",
        "dateUpdated": "2024-12-24T00:41:08.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23354 (GCVE-0-2023-23354)

    Vulnerability from nvd – Published: 2024-12-19 01:39 – Updated: 2024-12-24 00:40
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.5.x.x , < 1.5.0.738 ( 2023/03/06 ) (custom)
    Affected: 1.4.x.x , < 1.4.1.691 ( 2023/03/01 ) (custom)
    Affected: 1.3.x.x , < 1.3.1.645 ( 2023/02/22 ) (custom)
    Create a notification for this product.
    Credits
    Kaibro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-24T00:32:52.104475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-24T00:40:55.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.5.0.738 ( 2023/03/06 )",
                  "status": "affected",
                  "version": "1.5.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.1.691 ( 2023/03/01 )",
                  "status": "affected",
                  "version": "1.4.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.3.1.645 ( 2023/02/22 )",
                  "status": "affected",
                  "version": "1.3.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kaibro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T01:39:27.208Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-13"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-23-13",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-23354",
        "datePublished": "2024-12-19T01:39:27.208Z",
        "dateReserved": "2023-01-11T20:15:53.084Z",
        "dateUpdated": "2024-12-24T00:40:55.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48862 (GCVE-0-2024-48862)

    Vulnerability from nvd – Published: 2024-11-22 15:31 – Updated: 2024-11-22 16:47
    VLAI
    Title
    QuLog Center
    Summary
    A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 ( 2024/10/15 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.7.x.x , < 1.7.0.831 ( 2024/10/15 ) (custom)
    Affected: 1.8.x.x , < 1.8.0.888 ( 2024/10/15 ) (custom)
    Create a notification for this product.
    qnap qulog_center Affected: 1.7.0.0 , < 1.7.0.831 (custom)
    Affected: 1.8.0.0 , < 1.8.0.888 (custom)
        cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dinh Ho Anh Khoa
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qulog_center",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "1.7.0.831",
                    "status": "affected",
                    "version": "1.7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.8.0.888",
                    "status": "affected",
                    "version": "1.8.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T16:43:22.727496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T16:47:06.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.7.0.831 ( 2024/10/15 )",
                  "status": "affected",
                  "version": "1.7.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.0.888 ( 2024/10/15 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dinh Ho Anh Khoa"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:31:54.450Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-46"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-46",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-48862",
        "datePublished": "2024-11-22T15:31:54.450Z",
        "dateReserved": "2024-10-09T00:22:57.834Z",
        "dateUpdated": "2024-11-22T16:47:06.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32762 (GCVE-0-2024-32762)

    Vulnerability from nvd – Published: 2024-09-06 16:27 – Updated: 2024-09-06 17:32
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.8.x.x , < 1.8.0.872 ( 2024/06/17 ) (custom)
    Affected: 1.7.x.x , < 1.7.0.827 ( 2024/06/17 ) (custom)
    Create a notification for this product.
    Credits
    Aliz Hammond of watchTowr
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:32:45.877044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:32:52.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.8.0.872 ( 2024/06/17 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.7.0.827 ( 2024/06/17 )",
                  "status": "affected",
                  "version": "1.7.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aliz Hammond of watchTowr"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\u003cbr\u003eQuLog Center 1.7.0.827 ( 2024/06/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-06T16:27:22.225Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-30"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\u003cbr\u003eQuLog Center 1.7.0.827 ( 2024/06/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-30",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-32762",
        "datePublished": "2024-09-06T16:27:22.225Z",
        "dateReserved": "2024-04-18T08:14:16.552Z",
        "dateUpdated": "2024-09-06T17:32:52.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36196 (GCVE-0-2020-36196)

    Vulnerability from nvd – Published: 2021-07-01 02:00 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Stored XSS Vulnerability in QuLog Center
    Summary
    A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: unspecified , < 1.2.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-01 00:00
    Credits
    Jan Hoff
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jan Hoff"
            }
          ],
          "datePublic": "2021-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-01T02:00:18.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQuLog Center 1.2.0 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-30",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS Vulnerability in QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-07-01T01:19:00.000Z",
              "ID": "CVE-2020-36196",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS Vulnerability in QuLog Center"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QuLog Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jan Hoff"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQuLog Center 1.2.0 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-30",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2020-36196",
        "datePublished": "2021-07-01T02:00:18.925Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:06.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54168 (GCVE-0-2025-54168)

    Vulnerability from cvelistv5 – Published: 2025-11-07 15:12 – Updated: 2025-11-07 15:57
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.923 ( 2025/08/27 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.8.x.x , < 1.8.2.923 ( 2025/08/27 ) (custom)
    Create a notification for this product.
    Credits
    Mohammad Abdullah - Infosec Researcher & Bugbounty hunter
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T15:49:41.496859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T15:57:21.137Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.8.2.923 ( 2025/08/27 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohammad Abdullah - Infosec Researcher \u0026 Bugbounty hunter"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.923 ( 2025/08/27 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.923 ( 2025/08/27 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T15:12:10.966Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-42"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.923 ( 2025/08/27 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.923 ( 2025/08/27 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-42",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2025-54168",
        "datePublished": "2025-11-07T15:12:10.966Z",
        "dateReserved": "2025-07-17T08:05:28.816Z",
        "dateUpdated": "2025-11-07T15:57:21.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58469 (GCVE-0-2025-58469)

    Vulnerability from cvelistv5 – Published: 2025-11-07 15:08 – Updated: 2025-11-07 15:48
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.8.x.x , < 1.8.2.927 ( 2025/09/17 ) (custom)
    Create a notification for this product.
    Credits
    Tim Coen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T15:48:03.836693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T15:48:30.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.8.2.927 ( 2025/09/17 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tim Coen"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.927 ( 2025/09/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.\n\nWe have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.927 ( 2025/09/17 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T15:08:56.159Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-25-42"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQuLog Center 1.8.2.927 ( 2025/09/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nQuLog Center 1.8.2.927 ( 2025/09/17 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-25-42",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2025-58469",
        "datePublished": "2025-11-07T15:08:56.159Z",
        "dateReserved": "2025-09-03T00:59:25.448Z",
        "dateUpdated": "2025-11-07T15:48:30.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-53696 (GCVE-0-2024-53696)

    Vulnerability from cvelistv5 – Published: 2025-03-07 16:13 – Updated: 2025-03-07 17:54
    VLAI
    Title
    QuLog Center
    Summary
    A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.7.x.x , < 1.7.0.829 ( 2024/10/01 ) (custom)
    Affected: 1.8.x.x , < 1.8.0.888 ( 2024/10/15 ) (custom)
    Create a notification for this product.
    QNAP Systems Inc. QTS Affected: 4.5.x , < 4.5.4.2957 build 20241119 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QuTS hero Affected: h4.5.x , < h4.5.4.2956 build 20241119 (custom)
    Create a notification for this product.
    Credits
    Aymen BORGI and Ibrahim AYADHI from RandoriSec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T17:54:00.666580Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T17:54:11.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.7.0.829 ( 2024/10/01 )",
                  "status": "affected",
                  "version": "1.7.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.0.888 ( 2024/10/15 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QTS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "4.5.4.2957 build 20241119",
                  "status": "affected",
                  "version": "4.5.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QuTS hero",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "h4.5.4.2956 build 20241119",
                  "status": "affected",
                  "version": "h4.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aymen BORGI and Ibrahim AYADHI from RandoriSec"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003eQTS 4.5.4.2957 build 20241119 and later\u003cbr\u003eQuTS hero h4.5.4.2956 build 20241119 and later\u003cbr\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-07T16:13:55.595Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-53"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003eQTS 4.5.4.2957 build 20241119 and later\u003cbr\u003eQuTS hero h4.5.4.2956 build 20241119 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.829 ( 2024/10/01 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\nQTS 4.5.4.2957 build 20241119 and later\nQuTS hero h4.5.4.2956 build 20241119 and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-53",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-53696",
        "datePublished": "2025-03-07T16:13:55.595Z",
        "dateReserved": "2024-11-22T06:21:49.206Z",
        "dateUpdated": "2025-03-07T17:54:11.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23354 (GCVE-0-2023-23354)

    Vulnerability from cvelistv5 – Published: 2024-12-19 01:39 – Updated: 2024-12-24 00:40
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.5.x.x , < 1.5.0.738 ( 2023/03/06 ) (custom)
    Affected: 1.4.x.x , < 1.4.1.691 ( 2023/03/01 ) (custom)
    Affected: 1.3.x.x , < 1.3.1.645 ( 2023/02/22 ) (custom)
    Create a notification for this product.
    Credits
    Kaibro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-24T00:32:52.104475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-24T00:40:55.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.5.0.738 ( 2023/03/06 )",
                  "status": "affected",
                  "version": "1.5.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.1.691 ( 2023/03/01 )",
                  "status": "affected",
                  "version": "1.4.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.3.1.645 ( 2023/02/22 )",
                  "status": "affected",
                  "version": "1.3.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kaibro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T01:39:27.208Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-13"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-23-13",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-23354",
        "datePublished": "2024-12-19T01:39:27.208Z",
        "dateReserved": "2023-01-11T20:15:53.084Z",
        "dateUpdated": "2024-12-24T00:40:55.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23357 (GCVE-0-2023-23357)

    Vulnerability from cvelistv5 – Published: 2024-12-19 01:39 – Updated: 2024-12-24 00:41
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.5.x.x , < 1.5.0.738 ( 2023/03/06 ) (custom)
    Affected: 1.4.x.x , < 1.4.1.691 ( 2023/03/01 ) (custom)
    Affected: 1.3.x.x , < 1.3.1.645 ( 2023/02/22 ) (custom)
    Create a notification for this product.
    Credits
    Kaibro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-24T00:31:38.722886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-24T00:41:08.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.5.0.738 ( 2023/03/06 )",
                  "status": "affected",
                  "version": "1.5.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.1.691 ( 2023/03/01 )",
                  "status": "affected",
                  "version": "1.4.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.3.1.645 ( 2023/02/22 )",
                  "status": "affected",
                  "version": "1.3.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kaibro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T01:39:02.809Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-23-16"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\u003cbr\u003eQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\u003cbr\u003eQuLog Center 1.3.1.645 ( 2023/02/22 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-23-16",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2023-23357",
        "datePublished": "2024-12-19T01:39:02.809Z",
        "dateReserved": "2023-01-11T20:15:53.084Z",
        "dateUpdated": "2024-12-24T00:41:08.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48862 (GCVE-0-2024-48862)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:31 – Updated: 2024-11-22 16:47
    VLAI
    Title
    QuLog Center
    Summary
    A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 ( 2024/10/15 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.7.x.x , < 1.7.0.831 ( 2024/10/15 ) (custom)
    Affected: 1.8.x.x , < 1.8.0.888 ( 2024/10/15 ) (custom)
    Create a notification for this product.
    qnap qulog_center Affected: 1.7.0.0 , < 1.7.0.831 (custom)
    Affected: 1.8.0.0 , < 1.8.0.888 (custom)
        cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dinh Ho Anh Khoa
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:qulog_center:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qulog_center",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "1.7.0.831",
                    "status": "affected",
                    "version": "1.7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.8.0.888",
                    "status": "affected",
                    "version": "1.8.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T16:43:22.727496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T16:47:06.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.7.0.831 ( 2024/10/15 )",
                  "status": "affected",
                  "version": "1.7.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.0.888 ( 2024/10/15 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dinh Ho Anh Khoa"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:31:54.450Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-46"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\u003cbr\u003eQuLog Center 1.8.0.888 ( 2024/10/15 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-46",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-48862",
        "datePublished": "2024-11-22T15:31:54.450Z",
        "dateReserved": "2024-10-09T00:22:57.834Z",
        "dateUpdated": "2024-11-22T16:47:06.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32762 (GCVE-0-2024-32762)

    Vulnerability from cvelistv5 – Published: 2024-09-06 16:27 – Updated: 2024-09-06 17:32
    VLAI
    Title
    QuLog Center
    Summary
    A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: 1.8.x.x , < 1.8.0.872 ( 2024/06/17 ) (custom)
    Affected: 1.7.x.x , < 1.7.0.827 ( 2024/06/17 ) (custom)
    Create a notification for this product.
    Credits
    Aliz Hammond of watchTowr
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:32:45.877044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:32:52.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.8.0.872 ( 2024/06/17 )",
                  "status": "affected",
                  "version": "1.8.x.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.7.0.827 ( 2024/06/17 )",
                  "status": "affected",
                  "version": "1.7.x.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aliz Hammond of watchTowr"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\u003cbr\u003eQuLog Center 1.7.0.827 ( 2024/06/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-06T16:27:22.225Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-30"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\u003cbr\u003eQuLog Center 1.7.0.827 ( 2024/06/17 ) and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"
            }
          ],
          "source": {
            "advisory": "QSA-24-30",
            "discovery": "EXTERNAL"
          },
          "title": "QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-32762",
        "datePublished": "2024-09-06T16:27:22.225Z",
        "dateReserved": "2024-04-18T08:14:16.552Z",
        "dateUpdated": "2024-09-06T17:32:52.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36196 (GCVE-0-2020-36196)

    Vulnerability from cvelistv5 – Published: 2021-07-01 02:00 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Stored XSS Vulnerability in QuLog Center
    Summary
    A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QuLog Center Affected: unspecified , < 1.2.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-01 00:00
    Credits
    Jan Hoff
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QuLog Center",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jan Hoff"
            }
          ],
          "datePublic": "2021-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-01T02:00:18.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQuLog Center 1.2.0 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-30",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS Vulnerability in QuLog Center",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-07-01T01:19:00.000Z",
              "ID": "CVE-2020-36196",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS Vulnerability in QuLog Center"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QuLog Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jan Hoff"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-30"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQuLog Center 1.2.0 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-30",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2020-36196",
        "datePublished": "2021-07-01T02:00:18.925Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:06.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }