Search

安全ID : QSA-20-13

Cross-site Scripting Vulnerability in Music Station

  • 发布日期 : December 7, 2020

  • 通用漏洞披露 : CVE-2020-2494

  • 受影响产品: QNAP NAS running Music Station

严重程度

Moderate

状态

已解决

Summary

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. 

We have already fixed this vulnerability in the following versions of Music Station.

  • QuTS hero h4.5.1: Music Station 5.3.13 and later
  • QTS 4.5.1: Music Station 5.3.12 and later
  • QTS 4.4.3: Music Station 5.3.12 and later

Recommendation

To fix the issue, we recommend updating Music Station to the latest version.


Updating Music Station

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “Music Station” and then press ENTER.
    Music Station appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Music Station is already up to date.
  5. Click OK.
    The application is updated.

致谢: Jan Hoff

修订历史: V1.0 (December 7, 2020) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top