PT-2021-11962 · Qnap Systems · Quts Hero+1

Jakub Korepta

Published

2021-07-01

Updated

2021-07-06

CVE-2020-36194

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202 QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414

Description: A reported issue allows attackers to inject malicious code. This is achieved through an XSS vulnerability.

Recommendations: For QTS versions prior to 4.5.2.1566 Build 20210202, update to version 4.5.2.1566 Build 20210202 or later. For QuTS hero versions prior to h4.5.2.1638 build 20210414, update to version h4.5.2.1638 build 20210414 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-36194

Affected Products

Qts

Quts Hero

PT-2021-11962 · Qnap Systems · Quts Hero+1

CVE-2020-36194

Weakness Enumeration

Related Identifiers

Affected Products

References · 3