PT-2018-5466 · Qnap · Qnap Qts
Jesse Huang
·
Published
2018-06-21
·
Updated
2018-08-10
·
CVE-2017-13072
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
QNAP QTS versions prior to 4.3.4 build 20171223
Description:
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject Javascript code. This could potentially lead to unauthorized actions on the affected system.
Recommendations:
For QNAP QTS versions prior to 4.3.4 build 20171223, update to a version later than 4.3.4 build 20171223 to resolve the issue. As a temporary workaround, consider restricting access to the App Center to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Qts