PT-2020-6684 · Qnap · Qnap Qts
Published
2020-10-28
·
Updated
2025-11-03
·
CVE-2018-19943
CVSS v3.1
8.0
High
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 4.2.6 build 20200421
QNAP QTS versions prior to 4.3.3.1252 build 20200409
QNAP QTS versions prior to 4.3.4.1282 build 20200408
QNAP QTS versions prior to 4.3.6.1263 build 20200330
QNAP QTS versions prior to 4.4.1.1261 build 20200330
QNAP QTS versions prior to 4.4.2.1270 build 20200410
Description
This issue is related to a cross-site scripting vulnerability in the QNAP NAS File Station. The vulnerability could allow remote attackers to inject malicious code. If exploited, it may enable attackers to execute arbitrary code.
Recommendations
For QTS versions prior to 4.2.6 build 20200421, update to QTS 4.2.6 build 20200421 or later.
For QTS versions prior to 4.3.3.1252 build 20200409, update to QTS 4.3.3.1252 build 20200409 or later.
For QTS versions prior to 4.3.4.1282 build 20200408, update to QTS 4.3.4.1282 build 20200408 or later.
For QTS versions prior to 4.3.6.1263 build 20200330, update to QTS 4.3.6.1263 build 20200330 or later.
For QTS versions prior to 4.4.1.1261 build 20200330, update to QTS 4.4.1.1261 build 20200330 or later.
For QTS versions prior to 4.4.2.1270 build 20200410, update to QTS 4.4.2.1270 build 20200410 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qnap Qts