Gruppo TIM | CVE-2020-2503

La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Facebook Twitter Linkedin Copia Link

tag

CVE-2020-2503 – QNAP QES

Vulnerability Description: Stored XSS via Arbitrary File upload
Software Version: QES 2.0.0
NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-2503
CVSv3: 5.4
Severity: Medium
Credits: Francesco Giordano, Francesco Pigini, Sebastiano Lanzarotto, Massimiliano Brolli

A vulnerability was found in QNAP QES 2.0 that If exploited, vulnerability could allow remote attackers to inject malicious code in File Station. The vulnerability resides in the upload functionality that doesn’t perform the correct sanitization.