CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-29 16:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
18943f3353ca1cc3fd2595afa412856465e29c78
CVEs-PoC/2021/CVE-2021-28807.md
T
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

19 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
### [CVE-2021-28807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28807)
![](https://img.shields.io/static/v1?label=Product&message=Q%E2%80%99center&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%20v1.12.1012%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Qcenter. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Qcenter: QTS 4.5.3: Qcenter v1.12.1012 and later QTS 4.3.6: Qcenter v1.10.1004 and later QTS 4.3.3: Qcenter v1.10.1004 and later QuTS hero h4.5.2: Qcenter v1.12.1012 and later QuTScloud c4.5.4: Qcenter v1.12.1012 and later
### POC
#### Reference
- https://www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-via-qpkg/
- https://www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/
#### Github
- https://github.com/ShielderSec/poc
Reference in New Issue View Git Blame Copy Permalink