CVE-2021-38681

Summary

A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.

Affected Software

VendorProductVersion RangeStatus
NegociosRagic Cloud DBunspecified <= 3.7.0.1affected

Weaknesses

  • CWE-79: CWE-79

Workarounds

QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available.

ADP Enrichment

CVE Program Container

Additional References

References