PT-2023-9098 · Qnap · Quts Hero+1

Yc

·

Published

2023-12-08

·

Updated

2023-12-12

·

CVE-2023-23372

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h5.1.0 versions prior to 2424 build 20230609 QuTS hero h5.0.1 versions prior to 2515 build 20230907 QuTS hero h4.5.4 versions prior to 2476 build 20230728
Description A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. The issue exists due to insufficient data sanitization, which could allow a remote attacker to conduct an XSS attack using a specially crafted link.
Recommendations For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero h5.1.0 versions prior to 2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero h5.0.1 versions prior to 2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h4.5.4 versions prior to 2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2024-03600
CVE-2023-23372

Affected Products

Qts
Quts Hero