PT-2018-9037 · Qnap Systems · Qts

Davide Cioccia

Published

2018-11-27

Updated

2020-01-16

CVE-2018-0719

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions QNAP Systems Inc. QTS versions prior to 4.2.6 on build 20180711 QNAP Systems Inc. QTS versions prior to 4.3.3 on build 20180725 QNAP Systems Inc. QTS versions prior to 4.3.4 on build 20180710

Description A Cross-site Scripting (XSS) issue allows attackers to inject javascript, affecting QNAP Systems Inc. QTS.

Recommendations For QNAP Systems Inc. QTS versions prior to 4.2.6 on build 20180711, update to a version newer than 4.2.6. For QNAP Systems Inc. QTS versions prior to 4.3.3 on build 20180725, update to a version newer than 4.3.3. For QNAP Systems Inc. QTS versions prior to 4.3.4 on build 20180710, update to a version newer than 4.3.4.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-0719

Affected Products

Qts

PT-2018-9037 · Qnap Systems · Qts

CVE-2018-0719

Weakness Enumeration

Related Identifiers

Affected Products

References · 3