Security ID : QSA-21-31
Stored XSS Vulnerability in Q'center
Release date : July 1, 2021
CVE identifier : CVE-2021-28803
Affected products: QNAP NAS running Q'center
Severity
Moderate
Status
Resolved
Summary
A stored XSS vulnerability has been reported to affect QNAP NAS running Q'center. If exploited, this vulnerability allows attackers to inject malicious code.
We have already fixed this vulnerability in the following versions:
- Q'center 1.11.1004 and later
Recommendation
To fix the vulnerability, we recommend updating Q'center to the latest version.
Updating Q'center
- Log on to QTS or QuTS hero as administrator.
- Open the App Center, and then click
.
A search box appears. - Type “Q'center”, and then press ENTER.
The Q'center application appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if you are using the latest version. - Click OK.
The application is updated.
Acknowledgements: Jan Hoff
Revision History: V1.0 (July 1, 2021) - Published