Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Ragic Cloud DB by Negocios

    CVE-2021-38681 (GCVE-0-2021-38681)

    Vulnerability from nvd – Published: 2021-11-20 01:05 – Updated: 2024-09-16 22:30
    VLAI
    Title
    Reflected XSS Vulnerability in Ragic Cloud DB
    Summary
    A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Negocios Ragic Cloud DB Affected: unspecified , ≤ 3.7.0.1 (custom)
    Create a notification for this product.
    Date Public
    2021-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ragic Cloud DB",
              "vendor": "Negocios",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T01:05:12.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
            }
          ],
          "source": {
            "advisory": "QSA-21-48",
            "discovery": "EXTERNAL"
          },
          "title": "Reflected XSS Vulnerability in Ragic Cloud DB",
          "workarounds": [
            {
              "lang": "en",
              "value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-11-18T23:43:00.000Z",
              "ID": "CVE-2021-38681",
              "STATE": "PUBLIC",
              "TITLE": "Reflected XSS Vulnerability in Ragic Cloud DB"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ragic Cloud DB",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.7.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Negocios"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-48",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
                }
              ]
            },
            "source": {
              "advisory": "QSA-21-48",
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38681",
        "datePublished": "2021-11-20T01:05:12.456Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:30:22.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38681 (GCVE-0-2021-38681)

    Vulnerability from cvelistv5 – Published: 2021-11-20 01:05 – Updated: 2024-09-16 22:30
    VLAI
    Title
    Reflected XSS Vulnerability in Ragic Cloud DB
    Summary
    A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Negocios Ragic Cloud DB Affected: unspecified , ≤ 3.7.0.1 (custom)
    Create a notification for this product.
    Date Public
    2021-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:19.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ragic Cloud DB",
              "vendor": "Negocios",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-20T01:05:12.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
            }
          ],
          "source": {
            "advisory": "QSA-21-48",
            "discovery": "EXTERNAL"
          },
          "title": "Reflected XSS Vulnerability in Ragic Cloud DB",
          "workarounds": [
            {
              "lang": "en",
              "value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-11-18T23:43:00.000Z",
              "ID": "CVE-2021-38681",
              "STATE": "PUBLIC",
              "TITLE": "Reflected XSS Vulnerability in Ragic Cloud DB"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ragic Cloud DB",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.7.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Negocios"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/en/security-advisory/qsa-21-48",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/en/security-advisory/qsa-21-48"
                }
              ]
            },
            "source": {
              "advisory": "QSA-21-48",
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-38681",
        "datePublished": "2021-11-20T01:05:12.456Z",
        "dateReserved": "2021-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:30:22.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }