Security ID : QSA-21-30
Stored XSS Vulnerability in QuLog Center
Release date : July 1, 2021
CVE identifier : CVE-2020-36196
Affected products: QNAP NAS running QuLog Center
Severity
Moderate
Status
Resolved
Summary
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code.
We have already fixed this vulnerability in the following versions:
- QuLog Center 1.2.0 and later
Recommendation
To fix the vulnerability, we recommend updating QuLog Center to the latest version.
Updating QuLog Center
- Log on to QTS or QuTS hero as administrator.
- Open the App Center, and then click
.
A search box appears. - Type “QuLog Center”, and then press ENTER.
The QuLog Center application appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if you are using the latest version. - Click OK.
The application is updated.
Acknowledgements: Jan Hoff
Revision History: V1.0 (July 1, 2021) - Published
