Search

安全ID : NAS-201812-26

Security Advisory for XSS Vulnerabilities in Q’center Virtual Appliance

  • 发布日期 : December 26, 2018

  • 通用漏洞披露 : CVE-2018-0723 | CVE-2018-0724

  • 受影响产品: Q’center Virtual Appliance 1.8.1014 and earlier versions

严重程度

Important

状态

已解决

Summary

Two cross-site scripting (XSS) vulnerabilities have been reported to affect Q’center Virtual Appliance. If successfully exploited, the vulnerabilities could allow remote attackers to inject Javascript code in the compromised application.

We have already fixed these issues in Q’center Virtual Appliance 1.8.2005 and later versions.

Recommendation

To resolve these issues, you must update Q’center Virtual Appliance to the latest version.

Updating Q’center Virtual Appliance

  1. Log on to Windows.
  2. On your web browser, go to https://www.qnap.com/utilities.
  3. Select Enterprise.
  4. Download the Q'center Virtual Appliance patch.
  5. On your web browser, enter the IP address of Q’center Virtual Appliance.
  6. Log on to Q’center Virtual Appliance.
  7. Go to Settings > Patch > Upload Patch.
    The Upload Patch window appears.
  8. Select the Q’center Virtual Appliance patch, and then click Upload.
    Q’center Virtual Appliance is updated.

 

致谢: Jarrod Farncomb of TSS (https://dtss.com.au)

修订历史: V1.0 (December 26, 2018) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top