Security Advisory for XSS Vulnerabiltiy in QTS

Summary

A cross-site scripting vulnerability has been reported to affect QTS 4.3.3 build 20180126, 4.3.4 build 20180315, and earlier versions.

If successfully exploited, the vulnerability may allow remote attackers to inject malicious code in the application.

We have already fixed this issue in the following QTS versions.

• QTS 4.3.3: build 20180402 and later
• QTS 4.3.4: build 20180413 and later

Recommendation

To fix these vulnerabilities, you must update QTS to the following versions.

• QTS 4.3.3: build 20180402 or later
• QTS 4.3.4: build 20180413 or later

Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > Firmware Update.
3. Under Live Update, click Check for Update.
   QTS downloads and installs the latest available update.