Description

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later

Related CPE's

a

qnap

qumagie

Vulnerable

References

https://www.qnap.com/en/security-advisory/qsa-25-49

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-02T15:16:03.450Z

2 weeks ago

Last modified

2026-01-05T20:30:08.450Z

1 week ago