OpenCVE

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Qnap	Qulog Center

Configuration 1 [-]

OR	cpe:2.3:a:qnap:qulog_center::::::::
	cpe:2.3:a:qnap:qulog_center::::::::

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-24-30

History

Fri, 13 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qnap Qnap qulog Center
CPEs		cpe:2.3:a:qnap:qulog_center::::::::
Vendors & Products		Qnap Qnap qulog Center

Fri, 06 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 16:45:00 +0000

Type	Values Removed	Values Added
Description		A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
Title		QuLog Center
Weaknesses		CWE-79
References		https://www.qnap.com/en/security-advisory/qsa-24-30
Metrics		cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2024-09-06T16:27:22.225Z

Updated: 2024-09-06T17:32:52.859Z

Reserved: 2024-04-18T08:14:16.552Z

Link: CVE-2024-32762

Vulnrichment

Updated: 2024-09-06T17:32:49.455Z

NVD

Status : Analyzed

Published: 2024-09-06T17:15:15.697

Modified: 2024-09-13T21:10:30.137

Link: CVE-2024-32762

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32762", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2024-04-18T08:14:16.552Z", "datePublished": "2024-09-06T16:27:22.225Z", "dateUpdated": "2024-09-06T17:32:52.859Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QuLog Center", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "1.8.0.872 ( 2024/06/17 )", "status": "affected", "version": "1.8.x.x", "versionType": "custom"}, {"lessThan": "1.7.0.827 ( 2024/06/17 )", "status": "affected", "version": "1.7.x.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aliz Hammond of watchTowr"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.<br><br>We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.8.0.872 ( 2024/06/17 ) and later<br>QuLog Center 1.7.0.827 ( 2024/06/17 ) and later<br>"}], "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-09-06T16:27:22.225Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-30"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.8.0.872 ( 2024/06/17 ) and later<br>QuLog Center 1.7.0.827 ( 2024/06/17 ) and later<br>"}], "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"}], "source": {"advisory": "QSA-24-30", "discovery": "EXTERNAL"}, "title": "QuLog Center", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T17:32:45.877044Z", "id": "CVE-2024-32762", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:32:52.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T17:32:45.877044Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:32:49.455Z"}}], "cna": {"title": "QuLog Center", "source": {"advisory": "QSA-24-30", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Aliz Hammond of watchTowr"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QuLog Center", "versions": [{"status": "affected", "version": "1.8.x.x", "lessThan": "1.8.0.872 ( 2024/06/17 )", "versionType": "custom"}, {"status": "affected", "version": "1.7.x.x", "lessThan": "1.7.0.827 ( 2024/06/17 )", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.8.0.872 ( 2024/06/17 ) and later<br>QuLog Center 1.7.0.827 ( 2024/06/17 ) and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-30"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later", "supportingMedia": [{"type": "text/html", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.<br><br>We have already fixed the vulnerability in the following versions:<br>QuLog Center 1.8.0.872 ( 2024/06/17 ) and later<br>QuLog Center 1.7.0.827 ( 2024/06/17 ) and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-09-06T16:27:22.225Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32762", "state": "PUBLISHED", "dateUpdated": "2024-09-06T17:32:52.859Z", "dateReserved": "2024-04-18T08:14:16.552Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2024-09-06T16:27:22.225Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:qulog_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "68470D37-7248-4850-ADFE-56BF786705BC", "versionEndExcluding": "1.7.0.827", "versionStartIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qnap:qulog_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB446D0C-5DA2-4435-ADE0-3FEB20FBE980", "versionEndExcluding": "1.8.0.872", "versionStartIncluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.8.0.872 ( 2024/06/17 ) and later\nQuLog Center 1.7.0.827 ( 2024/06/17 ) and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de cross site scripting (XSS) que afecta a QuLog Center. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QuLog Center 1.8.0.872 (17/06/2024) y posteriores QuLog Center 1.7.0.827 (17/06/2024) y posteriores"}], "id": "CVE-2024-32762", "lastModified": "2024-09-13T21:10:30.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-09-06T17:15:15.697", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-24-30"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}