CVE-2024-27122 — Vulnetix

CVE-2024-27122 PUBLISHED CVSS 6.300000190734863 MEDIUM

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later

EPSS 0.87% · 75.6th percentile

Risk Scores

CVSS v3.1

6.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

EPSS Score

0.87%

75.6th percentile

Affected Products

Vendor	Product	Versions
qnap	notes_station_3	3.9.0
QNAP Systems Inc.	Notes Station 3	3.9.x

Timeline

Sep 6, 2024 CVE Published
Sep 6, 2024 PoC Published
Sep 7, 2024 EPSS Score
Sep 27, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 17, 2024 EPSS Score
Nov 6, 2024 EPSS Score
Nov 26, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 26, 2025 EPSS Score
Feb 10, 2025 Coalition ESS Score

References

https://www.qnap.com/go/security-advisory/qsa-24-24 advisory
https://www.qnap.com/go/security-advisory/qsa-24-26 advisory
https://www.qnap.com/go/security-advisory/qsa-24-34 advisory
https://www.qnap.com/go/security-advisory/qsa-24-30 advisory
https://www.qnap.com/go/security-advisory/qsa-24-21 advisory
https://www.qnap.com/go/security-advisory/qsa-24-27 advisory
https://www.qnap.com/go/security-advisory/qsa-24-29 advisory
https://www.qnap.com/go/security-advisory/qsa-24-28 advisory
https://www.qnap.com/go/security-advisory/qsa-24-32 advisory
https://www.qnap.com/go/security-advisory/qsa-24-25 advisory
https://www.qnap.com/go/security-advisory/qsa-24-33 advisory
https://www.qnap.com/go/security-advisory/qsa-24-22 advisory
https://www.qnap.com/go/security-advisory/qsa-24-35 advisory
https://www.qnap.com/en/security-advisory/qsa-24-21 url
https://nvd.nist.gov/vuln/detail/CVE-2024-27122 advisory

Open in Interactive Console →