Security ID: NAS-201805-16

Security Advisory for XSS Vulnerability in App Center


  • Release date: May 16, 2018

  • CVE identifier: CVE-2017-13072

  • Affected products: App Center in QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and earlier versions

Severity

Moderate

Status

Resolved


Summary

A cross-site scripting vulnerability has been reported to affect App Center in QTS 4.2.6 build 20171208, 4.3.3 build 20171213, 4.3.4 build 20171223 and their earlier versions.

If successfully exploited, the vulnerability could allow remote attackers to inject JavaScript code in the compromised application.

We have already fixed this issue in the following QTS versions.

  • QTS 4.2.6 build 20180504 and later
  • QTS 4.3.3 build 20180126 and later
  • QTS 4.3.4 build 20171230 and later

Recommendation

To fix this vulnerability, you must update QTS to the following versions.

  • QTS 4.2.6 build 20180504 or later
  • QTS 4.3.3 build 20180126 or later
  • QTS 4.3.4 build 20171230 or later

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.

Tip: You can also download the update from the QNAP website. Go to Support > Download, and then perform a manual update.
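To confirm which devices still need the update, the following added example (not part of the original advisory and not QNAP code) classifies firmware strings against the fixed builds listed above. The input string format and the names `parse_qts` and `assess` are assumptions made for illustration.

```python
import re

# Fixed builds per QTS branch, copied from the advisory's list.
FIXED_BUILDS = {
    (4, 2, 6): 20180504,
    (4, 3, 3): 20180126,
    (4, 3, 4): 20171230,
}

# Assumed input format: "4.3.4 build 20171223", optionally with a fourth
# version component (e.g. "4.3.4.0435 Build 20171230").
_QTS_RE = re.compile(
    r"\b(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s+build\s+(\d{8})\b", re.IGNORECASE
)


def parse_qts(text):
    """Return ((major, minor, patch), build_date) from a firmware string."""
    m = _QTS_RE.search(text)
    if m is None:
        raise ValueError(f"unrecognised QTS version string: {text!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch), build


def assess(text):
    """Classify a firmware string against the advisory's fixed builds."""
    version, build = parse_qts(text)
    fixed = FIXED_BUILDS.get(version)
    if fixed is not None:
        return "fixed" if build >= fixed else "update-required"
    if version < max(FIXED_BUILDS):
        # Older branch with no fixed build listed: "and earlier versions".
        return "update-required"
    # Newer branch than any the advisory names.
    return "not-covered"


if __name__ == "__main__":
    # Constructed inventory lines, not taken from real devices.
    for line in ("nas-01 QTS 4.3.4 build 20171223",
                 "nas-02 QTS 4.2.6 build 20180504",
                 "nas-03 QTS 4.3.5 build 20181010"):
        print(line, "->", assess(line))
```

A result of `not-covered` means the branch is newer than any named in this advisory, so the advisory itself gives no statement about it.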

 

Acknowledgements: Jesse Huang

Revision history: V1.0 (May 16, 2018) - Published
