- Description
- A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
- Products
- qumagie
CVSS 4.0
- Type
- Secondary
- Base score
- 2.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- LOW
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@qnapsecurity.com.tw
- CWE-79
- Hype score
- Not currently trending
CVE-2025-62857 Cross-Site Scripting Vulnerability in QuMagie Prior to Version 2.8.1 https://t.co/iI5ztDRGvE
@VulmonFeeds
2 Jan 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-62857 A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms … https://t.co/9vdlPaVRBq
@CVEnew
2 Jan 2026
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC73B710-5F08-4442-89CE-053FCE9C43E8",
"versionEndExcluding": "2.8.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]