Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Qnap Subscribe
Filtered by product Music Station
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7185 1 Qnap 2 Music Station, Qts 2023-01-30 3.5 LOW 4.8 MEDIUM
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.
CVE-2018-19951 1 Qnap 2 Music Station, Qts 2022-11-16 4.3 MEDIUM 6.1 MEDIUM
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
CVE-2018-19950 1 Qnap 2 Music Station, Qts 2022-11-16 7.5 HIGH 9.8 CRITICAL
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
CVE-2020-2494 1 Qnap 3 Music Station, Qts, Quts Hero 2021-06-21 4.3 MEDIUM 6.1 MEDIUM
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later
CVE-2020-36197 1 Qnap 4 Music Station, Qts, Quts Hero and 1 more 2021-06-21 5.8 MEDIUM 8.8 HIGH
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4.
CVE-2018-19952 1 Qnap 2 Music Station, Qts 2020-11-04 5.0 MEDIUM 7.5 HIGH
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
CVE-2018-0729 1 Qnap 2 Music Station, Qts 2020-08-24 7.5 HIGH 9.8 CRITICAL
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.
CVE-2018-0718 1 Qnap 2 Music Station, Qts 2019-10-02 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
CVE-2017-13069 1 Qnap 1 Music Station 2017-11-01 7.5 HIGH 9.8 CRITICAL
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.