Security ID : QSA-21-43
Stored XSS Vulnerability in Image2PDF
Release date : October 1, 2021
CVE identifier : CVE-2021-38675
Affected products: Certain QNAP NAS running Image2PDF
Severity : Moderate
Status : Resolved
Summary
A stored cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of Image2PDF:
- Image2PDF 2.1.5 (2021/08/17) and later
Recommendation
To fix the vulnerability, we recommend updating Image2PDF to the latest version.
Updating Image2PDF
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click the search icon.
  A search box appears.
- Type “Image2PDF” and then press ENTER.
  Image2PDF appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your version is already up to date.
- Click OK.
  The application is updated.
Acknowledgements: Tony Martin, a security researcher
Revision History: V1.0 (October 1, 2021) - Published