CVE-2019-7185

Summary

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.

Affected Software

VendorProductVersion RangeStatus
n/aQNAP NAS devices running Music StationQTS 4.4.1: Music Station before version 5.3.5, QTS 4.3.6 - QTS 4.4.0: Music Station before version 5.2.7, QTS 4.3.0 - QTS 4.3.4: Music Station before version 5.1.11affected

Weaknesses

  • Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References