Search

Security ID : QSA-22-04

XSS Vulnerabilities in Proxy Server

  • Release date : February 25, 2022

  • CVE identifier : CVE-2021-34359 | CVE-2021-34361

  • Affected products: QNAP NAS running Proxy Server

Severity

Moderate

Status

Resolved

Summary

Cross-site scripting (XSS) vulnerabilities have been reported to affect QNAP NAS running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.

We have already fixed this vulnerability in the following versions of Proxy Server:

  • QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later

Recommendation

To fix the vulnerabilities, we recommend updating Proxy Server to the latest version.

Updating Proxy Server

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Enter "Proxy Server".
    Proxy Server appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your application is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Tony Martin, a security researcher

Revision History: V1.0 (February 25, 2022) - Published

Elija especificación

      Mostrar más Mostrar menos

      Este portal en otros países / regiones:

      open menu
      back to top