Security ID : NAS-201812-26
Security Advisory for XSS Vulnerabilities in Q’center Virtual Appliance
Release date : December 26, 2018
CVE identifier : CVE-2018-0723 | CVE-2018-0724
Affected products: Q’center Virtual Appliance 1.8.1014 and earlier versions
Severity
Important
Status
Resolved
Summary
Two cross-site scripting (XSS) vulnerabilities have been reported to affect Q’center Virtual Appliance. If successfully exploited, the vulnerabilities could allow remote attackers to inject JavaScript code into the compromised application.
We have already fixed these issues in Q’center Virtual Appliance 1.8.2005 and later versions.
Recommendation
To resolve these issues, you must update Q’center Virtual Appliance to the latest version.
Updating Q’center Virtual Appliance
- Log on to Windows.
- On your web browser, go to https://www.qnap.com/utilities.
- Select Enterprise.
- Download the Q’center Virtual Appliance patch.
- On your web browser, enter the IP address of Q’center Virtual Appliance.
- Log on to Q’center Virtual Appliance.
- Go to Settings > Patch > Upload Patch.
The Upload Patch window appears.
- Select the Q’center Virtual Appliance patch, and then click Upload.
Q’center Virtual Appliance is updated.
Acknowledgements: Jarrod Farncomb of TSS (https://dtss.com.au)
Revision History: V1.0 (December 26, 2018) - Published