Is CVE-2018-19943 actively exploited?

CVE-2018-19943 has no public evidence of in-the-wild exploitation as of 2025-11-03.

What is the CVSS score for CVE-2018-19943?

CVE-2018-19943 has a CVSS score of 8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.

How do I patch CVE-2018-19943?

Patch guidance is available from qnap security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-19943.

Which products are affected by CVE-2018-19943?

16 products: qnap qts, qnap qts, qnap qts, qnap qts, qnap qts, and 11 more.

Fix CVE-2018-19943 - HIGH qnap qts

Description

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: high
Privileges: low
User Action: required
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-79 · Cross-site Scripting (XSS)CWE-80 CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: QNAP
Published: 10/28/2020
Last Modified: 11/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

qnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qtsqnap : qts

Remediation Guidance

Executive Summary

View on NIST NVD