Qnap · Qts · CVE-2018-0711
**Name of the Vulnerable Software and Affected Versions**
QNAP QTS versions 4.3.3 build 20180126 and earlier, QTS 4.3.4 build 20180315 and earlier
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to unauthorized actions on the affected system.
**Recommendations**
For QNAP QTS versions 4.3.3 build 20180126 and earlier, update to a version later than 4.3.3 build 20180126.
For QTS 4.3.4 build 20180315 and earlier, update to a version later than 4.3.4 build 20180315.