CVE-2018-19943

8.0 HIGH CISA KEV - Actively Exploited

Published: October 28, 2020 Modified: November 03, 2025

Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.qnap.com/zh-tw/security-advisory/qsa-20-01

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/zh-tw/security-advisory/qsa-20-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19943

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.0 / 10.0

EPSS (Exploit Probability)

5.5%

90th percentile

Exploitation Status

Actively Exploited

Remediation due: 2022-06-14

Weaknesses (CWE)

CWE-79 CWE-80 CWE-79

Affected Vendors

qnap

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3