Description
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None
Affected products
- QNAP Systems Inc. / QmailAgentunspecified – 3.0.2 ( 2021/08/25 )