VDB
CVE-2024-38640
CVE-2024-38640
PUBLISHED
CVSS 7 HIGH
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later
EPSS 1.04% · 77.8th percentile
Risk Scores
CVSS 4.0
7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.04%
77.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qnap | download_station | 5.8.0 |
| QNAP Systems Inc. | Download Station | 5.8.x |
Exploit Intelligence
- CIRCL seen: CVE-2024-38640 (circl-sighting)
- https://www.qnap.com/en/security-advisory/qsa-24-35 (circl)
Timeline
- Sep 6, 2024 CVE Published
- Sep 6, 2024 PoC Published
- Sep 7, 2024 EPSS Score
- Sep 16, 2024 CVE Updated
- Sep 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Nov 6, 2024 EPSS Score
- Nov 26, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
References
- https://www.qnap.com/go/security-advisory/qsa-24-24 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-26 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-34 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-30 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-21 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-27 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-29 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-28 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-32 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-25 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-33 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-22 advisory
- https://www.qnap.com/go/security-advisory/qsa-24-35 advisory
- https://www.qnap.com/en/security-advisory/qsa-24-35 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-38640 advisory