Search

Security ID : NAS-201812-26

Security Advisory for XSS Vulnerabilities in Q’center Virtual Appliance

  • Release date : December 26, 2018

  • CVE identifier : CVE-2018-0723 | CVE-2018-0724

  • Affected products: Q’center Virtual Appliance 1.8.1014 and earlier versions

Severity

Important

Status

Resolved

Summary

Two cross-site scripting (XSS) vulnerabilities have been reported to affect Q’center Virtual Appliance. If successfully exploited, the vulnerabilities could allow remote attackers to inject Javascript code in the compromised application.

We have already fixed these issues in Q’center Virtual Appliance 1.8.2005 and later versions.

Recommendation

To resolve these issues, you must update Q’center Virtual Appliance to the latest version.

Updating Q’center Virtual Appliance

  1. Log on to Windows.
  2. On your web browser, go to https://www.qnap.com/utilities.
  3. Select Enterprise.
  4. Download the Q'center Virtual Appliance patch.
  5. On your web browser, enter the IP address of Q’center Virtual Appliance.
  6. Log on to Q’center Virtual Appliance.
  7. Go to Settings > Patch > Upload Patch.
    The Upload Patch window appears.
  8. Select the Q’center Virtual Appliance patch, and then click Upload.
    Q’center Virtual Appliance is updated.

 

Acknowledgements: Jarrod Farncomb of TSS (https://dtss.com.au)

Revision History: V1.0 (December 26, 2018) - Published

選擇規格

      顯示更多 隱藏更多

      選擇其他偏好的語言:

      open menu
      back to top