PT-2018-9031 · Qnap · Qts

Li Yanlong

Published

2018-04-30

Updated

2018-06-06

CVE-2018-0711

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions QNAP QTS versions 4.3.3 build 20180126 and earlier, QTS 4.3.4 build 20180315 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to unauthorized actions on the affected system.

Recommendations For QNAP QTS versions 4.3.3 build 20180126 and earlier, update to a version later than 4.3.3 build 20180126. For QTS 4.3.4 build 20180315 and earlier, update to a version later than 4.3.4 build 20180315.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-0711

Affected Products

Qts

PT-2018-9031 · Qnap · Qts

CVE-2018-0711

Weakness Enumeration

Related Identifiers

Affected Products

References · 4