CVE-2019-7185

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-05 17:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-7185

Mitre link : CVE-2019-7185

CVE.ORG link : CVE-2019-7185


JSON object : View

Products Affected

qnap

  • qts
  • music_station
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')