CVE-2018-19953 - QNAP NAS File Station Cross-Site Scripting Vulnerability

Project:QNAP

Product:Network Attached Storage (NAS)

Date Added:2022-05-24Due Date:2022-06-14Last Updated:June 21, 2025

Vulnerability Name

QNAP NAS File Station Cross-Site Scripting Vulnerability

Description

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-19953

Related Weaknesses

CWE-79

CWE-80