Search

Security ID : QSA-21-31

Stored XSS Vulnerability in Q'center

  • Release date : July 1, 2021

  • CVE identifier : CVE-2021-28803

  • Affected products: QNAP NAS running Q'center

Severity

Moderate

Status

Resolved

Summary

A stored XSS vulnerability has been reported to affect QNAP NAS running Q'center. If exploited, this vulnerability allows attackers to inject malicious code.


We have already fixed this vulnerability in the following versions:


  • Q'center 1.11.1004 and later

Recommendation

To fix the vulnerability, we recommend updating Q'center to the latest version.


Updating Q'center

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center, and then click .
    A search box appears.
  3. Type “Q'center”, and then press ENTER.
    The Q'center application appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

Acknowledgements: Jan Hoff

Revision History: V1.0 (July 1, 2021) - Published

選擇規格

      顯示更多 隱藏更多

      選擇其他偏好的語言:

      open menu
      back to top