CVE-2021-38681
MEDIUMQNAP Ragic Cloud DB < 3.7.0.1 - Reflected Cross-Site Scripting
Title source: llmDescription
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.qnap.com/en/security-advisory/qsa-21-48
Scores
CVSS v3
5.3
EPSS
0.0025
EPSS Percentile
48.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-79
Status
published
Products (1)
qnap/ragic_cloud_db
< 3.7.0.1
Published
Nov 20, 2021
Tracked Since
Feb 18, 2026