Cross site scripting

2019-12-0417:16:00

PRIOn knowledge base

www.prio-n.com

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.

CPENameOperatorVersion
qtseq4.3.3
qtseq4.3.4
qtseq4.2.6
qtseq4.3.6
qtseq4.4.1

Name	Operator	Version
qts	eq	4.3.3
qts	eq	4.3.4
qts	eq	4.2.6
qts	eq	4.3.6
qts	eq	4.4.1

References

www.qnap.com/zh-tw/security-advisory/nas-201911-26