CVE-2021-44053

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.5.4.1991 build 20220329 QTS versions prior to 5.0.0.1986 build 20220324 QuTS hero versions prior to h4.5.4.1971 build 20220310 QuTS hero versions prior to h5.0.0.1986 build 20220324 QuTScloud versions prior to c5.0.1.1949

Description A cross-site scripting (XSS) issue affects QNAP devices running QTS, QuTS hero, and QuTScloud, due to inadequate protection of the web page structure. This allows remote attackers to inject malicious code, potentially impacting the confidentiality and integrity of information.

Recommendations For QTS versions prior to 4.5.4.1991 build 20220329, update to QTS 4.5.4.1991 build 20220329 or later. For QTS versions prior to 5.0.0.1986 build 20220324, update to QTS 5.0.0.1986 build 20220324 or later. For QuTS hero versions prior to h4.5.4.1971 build 20220310, update to QuTS hero h4.5.4.1971 build 20220310 or later. For QuTS hero versions prior to h5.0.0.1986 build 20220324, update to QuTS hero h5.0.0.1986 build 20220324 or later. For QuTScloud versions prior to c5.0.1.1949, update to QuTScloud c5.0.1.1949 or later.