Jesse Huang

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 4.3.4 build 20171223 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject Javascript code. This could potentially lead to unauthorized actions on the affected system. Recommendations: For QNAP QTS versions prior to 4.3.4 build 20171223, update to a version later than 4.3.4 build 20171223 to resolve the issue. As a temporary workaround, consider restricting access to the App Center to minimize the risk of exploitation.