{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T04:44:26.378","vulnerabilities":[{"cve":{"id":"CVE-2018-19953","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2020-10-28T18:15:12.740","lastModified":"2025-11-03T15:07:03.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109."},{"lang":"es","value":"Si es explotada, esta vulnerabilidad de tipo cross-site scripting podría permitir a atacantes remotos inyectar código malicioso. QNAP ya ha corregido el problema en las siguientes versiones de QTS. QTS versión 4.4.2.1231 en build 20200302; QTS versión 4.4.1.1201 en build 20200130; QTS versión 4.3.6.1218 en build 20200214; QTS versión 4.3.4.1190 en build 20200107; QTS versión 4.3.3.1161 en build 20200109; QTS versión 4.2.6 en build 20200109"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"cisaExploitAdd":"2022-05-24","cisaActionDue":"2022-06-14","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"QNAP NAS File Station Cross-Site Scripting Vulnerability","weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-80"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.6","matchCriteriaId":"3777F6CC-9189-4BC0-B336-62BA1EFB91A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.1.0013","versionEndExcluding":"4.3.3.1161","matchCriteriaId":"DCF2E9D3-12C2-4A5A-BC1D-F2C007303805"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.4","versionEndExcluding":"4.3.4.1190","matchCriteriaId":"26B1C1D9-D91E-4C02-87A2-1EDE2AB4B0BF"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.6","versionEndExcluding":"4.3.6.1218","matchCriteriaId":"4A213877-D365-46DB-BDA1-4DAA020AF84A"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.1.1201","matchCriteriaId":"F902AFED-E51B-42F2-85BD-DB0B19B8C7DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.2","versionEndExcluding":"4.4.2.1231","matchCriteriaId":"5BF6E081-B28B-4A26-BA59-EB7A66099360"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:4.2.6:-:*:*:*:*:*:*","matchCriteriaId":"2D3B1E3A-C9E9-4BB8-8BFC-AE1258722F85"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*","matchCriteriaId":"8F523E9F-D101-4C29-A624-74E1F3F8CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*","matchCriteriaId":"1388DBE0-F6BB-44AB-81AC-BFB4E70BE820"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*","matchCriteriaId":"CF3C4461-C1B6-43A1-BA5E-D6658EFD06EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*","matchCriteriaId":"A1F11848-6FED-4D58-A177-36D280C0347C"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*","matchCriteriaId":"F6259C86-FFDA-40E8-AF0C-33CC8C108DC9"}]}]}],"references":[{"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-20-01","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]},{"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-20-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19953","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}