Resolved Cross-site Scripting Vulnerability in Music Station
- Release date: December 7, 2020
- Security ID: QSA-20-13
- Severity: Medium
- CVE identifier: CVE-2020-2494
- Affected products: QNAP NAS running Music Station
- Status: Resolved
Summary
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of Music Station.
- QuTS hero h4.5.1: Music Station 5.3.13 and later
- QTS 4.5.1: Music Station 5.3.12 and later
- QTS 4.4.3: Music Station 5.3.12 and later
Recommendation
To fix the issue, we recommend updating Music Station to the latest version.
Updating Music Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Music Station” and then press ENTER.
Music Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Music Station is already up to date. - Click OK.
The application is updated.
Acknowledgements: Jan Hoff
Revision History: V1.0 (December 7, 2020) - Published