Security ID : QSA-21-48
Reflected XSS Vulnerability in Ragic Cloud DB
- Release date : November 19, 2021 
- CVE identifier : CVE-2021-38681 
- Affected products: QNAP NAS running Ragic Cloud DB 
Severity
Moderate
Summary
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
Recommendation
To secure your device, we recommend uninstalling Ragic Cloud DB until a security patch is available.
Uninstalling Ragic Cloud DB
- Log on to QTS or QuTS hero as administrator.
- Open the App Center.
- Locate Ragic Cloud DB, and then click  . .
- Select Remove.
 A confirmation message appears.
- Click OK.
 QTS or QuTS hero uninstalls the application.
Revision History: V1.0 (November 19, 2021) - Published
 
                                     
                                    