PT-2018-11759 · Terramaster · Terramaster Tos
Published
2018-11-27
·
Updated
2018-12-19
·
CVE-2018-13335
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TerraMaster TOS version 3.1.03
Description
The issue allows attackers to execute JavaScript when viewing shared folders via their descriptions, due to cross-site scripting in the Control Panel.
Recommendations
For TerraMaster TOS version 3.1.03, update to a version that fixes the cross-site scripting issue in the Control Panel, as a temporary workaround consider restricting access to shared folder descriptions to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Terramaster Tos