mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
147 lines
4.3 KiB
JSON
147 lines
4.3 KiB
JSON
{
|
|
"id": "CVE-2019-7184",
|
|
"sourceIdentifier": "security@qnapsecurity.com.tw",
|
|
"published": "2019-12-05T17:15:12.810",
|
|
"lastModified": "2023-01-30T18:27:58.297",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Video Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administraci\u00f3n del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Video Station a sus \u00faltimas versiones."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.8,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.7,
|
|
"impactScore": 2.7
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.4.3",
|
|
"matchCriteriaId": "E7773147-4835-4F95-A72A-E4758F457671"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "47B6D38A-D7C9-4D55-921C-488D56C43F25"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.3.10",
|
|
"matchCriteriaId": "10F9A133-6D50-4EE9-80CE-7EE9555892FA"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.3.4",
|
|
"versionEndIncluding": "4.4.0",
|
|
"matchCriteriaId": "AD20D15E-C474-48FC-9A84-12CD6AF01F1F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27",
|
|
"source": "security@qnapsecurity.com.tw",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |