CVE-2020-2493

Summary

This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.Multimedia Console< 1.1.5affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)
  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

References