PT-2021-17930 · Qnap Systems · Quts Hero+2

Marcin Zięba

Published

2021-06-03

Updated

2021-06-09

CVE-2021-28806

CVSS v3.1

5.7

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428 QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414 QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503

Description: A DOM-based XSS issue has been reported, affecting QNAP NAS running QTS and QuTS hero, allowing attackers to inject malicious code if exploited.

Recommendations: For QTS versions prior to 4.5.3.1652 Build 20210428, update to version 4.5.3.1652 Build 20210428 or later. For QuTS hero versions prior to h4.5.2.1638 Build 20210414, update to version h4.5.2.1638 Build 20210414 or later. For QuTScloud versions prior to c4.5.5.1656 Build 20210503, update to version c4.5.5.1656 Build 20210503 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-28806

Affected Products

Qts

Quts Hero

Qutscloud

PT-2021-17930 · Qnap Systems · Quts Hero+2

CVE-2021-28806

Weakness Enumeration

Related Identifiers

Affected Products

References · 4