PT-2018-8411 · Qnap · Qnap Qts
Tony Martin
·
Publicado
2018-03-27
·
Atualizado
2018-04-18
·
CVE-2017-7632
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions 4.2.6 build 20171026 and earlier, QTS 4.3.3 build 20170727 and earlier
Description
A cross-site scripting (XSS) issue exists in the File Station of QNAP QTS, allowing remote attackers to inject arbitrary web script or HTML. This can lead to the execution of malicious code on the victim's browser.
Recommendations
For QNAP QTS versions 4.2.6 build 20171026 and earlier, and QTS 4.3.3 build 20170727 and earlier, consider disabling the File Station feature until a patch is available to prevent potential exploitation.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Qnap Qts