PT-2018-8411 · Qnap · Qnap Qts
Tony Martin
·
Published
2018-03-27
·
Updated
2018-04-18
·
CVE-2017-7632
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions 4.2.6 build 20171026 and earlier, QTS 4.3.3 build 20170727 and earlier
Description
A cross-site scripting (XSS) issue exists in the File Station of QNAP QTS, allowing remote attackers to inject arbitrary web script or HTML. This can lead to the execution of malicious code on the victim's browser.
Recommendations
For QNAP QTS versions 4.2.6 build 20171026 and earlier, and QTS 4.3.3 build 20170727 and earlier, consider disabling the File Station feature until a patch is available to prevent potential exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Qts