{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T16:43:12.499","vulnerabilities":[{"cve":{"id":"CVE-2019-7184","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2019-12-05T17:15:12.810","lastModified":"2026-06-17T02:40:13.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions."},{"lang":"es","value":"Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Video Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Video Station a sus últimas versiones."}],"affected":[{"source":"security@qnapsecurity.com.tw","affectedData":[{"vendor":"n/a","product":"QNAP NAS devices running Video Station","versions":[{"version":"QTS 4.4.1: Video Station before version 5.4.3, QTS 4.3.4 - QTS 4.4.0: Video Station before version 5.3.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.3","matchCriteriaId":"E7773147-4835-4F95-A72A-E4758F457671"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"47B6D38A-D7C9-4D55-921C-488D56C43F25"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*","versionEndExcluding":"5.3.10","matchCriteriaId":"10F9A133-6D50-4EE9-80CE-7EE9555892FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.4","versionEndIncluding":"4.4.0","matchCriteriaId":"AD20D15E-C474-48FC-9A84-12CD6AF01F1F"}]}]}],"references":[{"url":"https://www.qnap.com/zh-tw/security-advisory/nas-201911-27","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]},{"url":"https://www.qnap.com/zh-tw/security-advisory/nas-201911-27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}