Security ID : QSA-21-31

Stored XSS Vulnerability in Q'center


  • Release date : July 1, 2021

  • CVE identifier : CVE-2021-28803

  • Affected products: QNAP NAS running Q'center

Severity

Moderate

Status

Resolved


Summary

A stored XSS vulnerability has been reported to affect QNAP NAS running Q'center. If exploited, this vulnerability allows attackers to inject malicious code.


We have already fixed this vulnerability in the following versions:


  • Q'center 1.11.1004 and later

Recommendation

To fix the vulnerability, we recommend updating Q'center to the latest version.


Updating Q'center

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center, and then click .
    A search box appears.
  3. Type “Q'center”, and then press ENTER.
    The Q'center application appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

Acknowledgements: Jan Hoff

Revision History: V1.0 (July 1, 2021) - Published

仕様を選択

      もっと見る 閉じる

      当ページを他の国/地域で見る:

      気軽にお問い合わせ! show inquiry button
      open menu
      back to top