{
  "id": "CVE-2017-13072",
  "sourceIdentifier": "security@qnapsecurity.com.tw",
  "published": "2018-06-21T13:29:00.273",
  "lastModified": "2018-08-10T14:11:58.707",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en App Center en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223 y sus versiones anteriores podr\u00eda permitir que los atacantes remotos inyecten c\u00f3digo JavaScript."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D9E6F8F-A433-45A7-8839-5D478FE179A4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5994C07-17FE-4784-9FA4-9675BA8B4743"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:qnap:qts:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C7D2D4-769F-4297-89F4-75366FFA7618"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.qnap.com/en/security-advisory/nas-201805-16",
      "source": "security@qnapsecurity.com.tw",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}