Security ID : NAS-201804-27
Security Advisory for XSS Vulnerabiltiy in QTS
Release date : April 27, 2018
CVE identifier : CVE-2018-0711
Affected products: QTS 4.3.3: build 20180126 and earlier versions
QTS 4.3.4: build 20180315 and earlier versions
Severity
Moderate
Status
Resolved
Summary
A cross-site scripting vulnerability has been reported to affect QTS 4.3.3 build 20180126, 4.3.4 build 20180315, and earlier versions.
If successfully exploited, the vulnerability may allow remote attackers to inject malicious code in the application.
We have already fixed this issue in the following QTS versions.
- QTS 4.3.3: build 20180402 and later
- QTS 4.3.4: build 20180413 and later
Recommendation
To fix these vulnerabilities, you must update QTS to the following versions.
- QTS 4.3.3: build 20180402 or later
- QTS 4.3.4: build 20180413 or later
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Acknowledgements: louys, Xie Wei(解炜)and Li Yanlong(李衍龙)
Revision History: V1.0 (April 27, 2018) - Published
