PT-2020-6683 · Qnap · Qnap Qts
Published
2020-10-28
·
Updated
2025-11-03
·
CVE-2018-19953
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 4.4.2.1231
QNAP QTS versions prior to 4.4.1.1201
QNAP QTS versions prior to 4.3.6.1218
QNAP QTS versions prior to 4.3.4.1190
QNAP QTS versions prior to 4.3.3.1161
QNAP QTS versions prior to 4.2.6
Description
The issue is related to a cross-site scripting vulnerability in the QNAP NAS File Station. This vulnerability could allow remote attackers to inject malicious code.
Recommendations
For QTS versions prior to 4.4.2.1231, update to QTS 4.4.2.1231 or later.
For QTS versions prior to 4.4.1.1201, update to QTS 4.4.1.1201 or later.
For QTS versions prior to 4.3.6.1218, update to QTS 4.3.6.1218 or later.
For QTS versions prior to 4.3.4.1190, update to QTS 4.3.4.1190 or later.
For QTS versions prior to 4.3.3.1161, update to QTS 4.3.3.1161 or later.
For QTS versions prior to 4.2.6, update to QTS 4.2.6 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qnap Qts