Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version: License Center 1.9.49 and later
Analysis
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version: License Center 1.9.49 and later
Technical ContextAI
Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.
RemediationAI
Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.
More in License Center
View allA command injection vulnerability has been reported to affect License Center. Rated high severity (CVSS 7.7), this vulne
Path traversal in QNAP License Center (versions 1.9.0 through 1.9.55) permits a high-privileged attacker with an adminis
A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator
An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user accoun
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated hig
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54654