Security ID: QSA-21-48

Reflected XSS Vulnerability in Ragic Cloud DB


  • Release date: November 19, 2021

  • CVE identifier: CVE-2021-38681

  • Affected products: QNAP NAS running Ragic Cloud DB

Severity

Moderate


Summary

A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code.

We have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.

Recommendation

To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available.

Uninstalling Ragic Cloud DB

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center.
  3. Locate Ragic Cloud DB, and then click .
  4. Select Remove.
    A confirmation message appears.
  5. Click OK.
    QTS or QuTS hero uninstalls the application.

Revision History: V1.0 (November 19, 2021) - Published
