Security ID : QSA-20-13
Cross-site Scripting Vulnerability in Music Station
Release date : December 7, 2020
CVE identifier : CVE-2020-2494
Affected products: QNAP NAS running Music Station
Severity
Moderate
Status
Resolved
Summary
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of Music Station.
- QuTS hero h4.5.1: Music Station 5.3.13 and later
- QTS 4.5.1: Music Station 5.3.12 and later
- QTS 4.4.3: Music Station 5.3.12 and later
Recommendation
To fix the issue, we recommend updating Music Station to the latest version.
Updating Music Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Music Station” and then press ENTER.
Music Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Music Station is already up to date. - Click OK.
The application is updated.
Acknowledgements: Jan Hoff
Revision History: V1.0 (December 7, 2020) - Published
