Security ID : NAS-201805-16

Security Advisory for XSS Vulnerability in App Center


  • Release date: May 16, 2018

  • CVE identifier: CVE-2017-13072

  • Affected products: App Center in QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and earlier versions

Severity

Moderate

Status

Resolved


Summary

A cross-site scripting (XSS) vulnerability has been reported to affect App Center in QTS 4.2.6 build 20171208, 4.3.3 build 20171213, 4.3.4 build 20171223, and earlier versions.

If successfully exploited, the vulnerability could allow remote attackers to inject JavaScript code into the compromised application.

We have already fixed this issue in the following QTS versions.

  • QTS 4.2.6 build 20180504 and later
  • QTS 4.3.3 build 20180126 and later
  • QTS 4.3.4 build 20171230 and later

Recommendation

To fix this vulnerability, you must update QTS to the following versions.

  • QTS 4.2.6 build 20180504 or later
  • QTS 4.3.3 build 20180126 or later
  • QTS 4.3.4 build 20171230 or later
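
For a fleet of devices, the build thresholds above can be checked against an inventory. The following Python check is an added example, not QNAP code: it assumes version strings in the "QTS <version> build <YYYYMMDD>" form used in this advisory, and the host names, sample builds and status labels are constructed for illustration.

```python
import re

# Build thresholds copied from this advisory (CVE-2017-13072), keyed by QTS branch:
# (last build listed as affected, first build listed as fixed).
ADVISORY_BUILDS = {
    "4.2.6": (20171208, 20180504),
    "4.3.3": (20171213, 20180126),
    "4.3.4": (20171223, 20171230),
}

# Assumed input format: "QTS <version> build <YYYYMMDD>", "QTS" prefix optional.
_VERSION_RE = re.compile(r"(?:QTS\s+)?(\d+\.\d+\.\d+)\s+build\s+(\d{8})$", re.IGNORECASE)


def classify(version_string):
    """Return 'fixed', 'affected', 'indeterminate', 'unlisted' or 'unparsed'."""
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        return "unparsed"
    branch, build = match.group(1), int(match.group(2))
    if branch not in ADVISORY_BUILDS:
        # The advisory names fixed builds for three branches only; do not guess.
        return "unlisted"
    last_affected, first_fixed = ADVISORY_BUILDS[branch]
    if build >= first_fixed:
        return "fixed"
    if build <= last_affected:
        return "affected"
    # Builds between the two thresholds are not covered by the advisory text.
    return "indeterminate"


def needs_update(inventory):
    """Map host -> status for every host that is not confirmed fixed."""
    statuses = {host: classify(ver) for host, ver in inventory.items()}
    return {host: status for host, status in statuses.items() if status != "fixed"}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and builds).
    sample = {
        "nas-01": "QTS 4.3.4 build 20171223",
        "nas-02": "QTS 4.3.3 build 20180126",
        "nas-03": "4.2.6 build 20180301",
        "nas-04": "QTS 4.3.6 build 20190328",
    }
    for host, status in sorted(needs_update(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as indeterminate or unlisted fall outside the builds this advisory names and need a manual check against the installed firmware.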

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.

Tip: You can also download the update from the QNAP website. Go to Support > Download, and then perform a manual update.

 

Acknowledgements: Jesse Huang

Revision History: V1.0 (May 16, 2018) - Published
