Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-58465

Опубликовано: 07 нояб. 2025
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data.

We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:qnap:download_station:5.10.0.291:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:qnap:download_station:*:*:*:*:*:*:*:*
Версия от 5.10.0.291 (включая) до 5.10.0.305 (исключая)
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*

EPSS

Процентиль: 28%
0.00099
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-g6vp-qx8j-gqr4

CVSS3: 5.4
github
3 месяца назад

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later

EPSS

Процентиль: 28%
0.00099
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79