QSearchQSearch

CVE-2021-38675

5.4 MEDIUM

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF

Published: 2021-10-01 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.4 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
CWE-79

Affected products

VendorProduct
qnapimage2pdf

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-26241 A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)
  • CVE-2026-26240 A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)
  • CVE-2026-26239 A buffer overflow vulnerability has been reported to affect File Station 5 (8.1 HIGH)
  • CVE-2026-26237 A missing authorization vulnerability has been reported to affect QuMagie (7.5 HIGH)
  • CVE-2026-24724 An incorrect authorization vulnerability has been reported to affect File Station 6 (8.1 HIGH)

Same CWE

  • CVE-2026-12425 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
  • CVE-2024-30476 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
  • CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
  • CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
  • CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)