cvelist/2021/34xxx/CVE-2021-34359.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@qnap.com",
        "DATE_PUBLIC": "2022-02-24T23:01:00.000Z",
        "ID": "CVE-2021-34359",
        "STATE": "PUBLIC",
        "TITLE": "Stored XSS Vulnerability in Proxy Server"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Proxy Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "QTS 4.5.x",
                                            "version_affected": "<",
                                            "version_value": "1.4.2 ( 2021/12/30 )"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Tony Martin, a security researcher"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.qnap.com/en/security-advisory/qsa-22-04",
                "name": "https://www.qnap.com/en/security-advisory/qsa-22-04"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\n"
        }
    ],
    "source": {
        "advisory": "QSA-22-04",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2021-06-08 21:01:11 +00:00			`{`
			`"CVE_data_meta": {`
QSA-22-04 CVE-2021-34359 CVE-2021-34361 2022-02-25 14:01:45 +08:00			`"ASSIGNER": "security@qnap.com",`
			`"DATE_PUBLIC": "2022-02-24T23:01:00.000Z",`
"-Synchronized-Data." 2021-06-08 21:01:11 +00:00			`"ID": "CVE-2021-34359",`
QSA-22-04 CVE-2021-34359 CVE-2021-34361 2022-02-25 14:01:45 +08:00			`"STATE": "PUBLIC",`
			`"TITLE": "Stored XSS Vulnerability in Proxy Server"`
"-Synchronized-Data." 2021-06-08 21:01:11 +00:00			`},`
QSA-22-04 CVE-2021-34359 CVE-2021-34361 2022-02-25 14:01:45 +08:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Proxy Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"platform": "QTS 4.5.x",`
			`"version_affected": "<",`
			`"version_value": "1.4.2 ( 2021/12/30 )"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "QNAP Systems Inc."`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Tony Martin, a security researcher"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-06-08 21:01:11 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-02-25 07:01:21 +00:00			`"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later"`
QSA-22-04 CVE-2021-34359 CVE-2021-34361 2022-02-25 14:01:45 +08:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.9,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79 Cross-site Scripting (XSS)"`
			`}`
			`]`
"-Synchronized-Data." 2021-06-08 21:01:11 +00:00			`}`
			`]`
QSA-22-04 CVE-2021-34359 CVE-2021-34361 2022-02-25 14:01:45 +08:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-02-25 07:01:21 +00:00			`"refsource": "MISC",`
			`"url": "https://www.qnap.com/en/security-advisory/qsa-22-04",`
			`"name": "https://www.qnap.com/en/security-advisory/qsa-22-04"`
QSA-22-04 CVE-2021-34359 CVE-2021-34361 2022-02-25 14:01:45 +08:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "We have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\n"`
			`}`
			`],`
			`"source": {`
			`"advisory": "QSA-22-04",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2021-06-08 21:01:11 +00:00			`}`
			`}`