安全ID : QSA-21-43
Stored XSS Vulnerability in Image2PDF
发布日期 : October 1, 2021
通用漏洞披露 : CVE-2021-38675
受影响产品: Certain QNAP NAS running Image2PDF
严重程度
Moderate
状态
已解决
Summary
A stored cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of Image2PDF:
- Image2PDF 2.1.5 (2021/08/17) and later
Recommendation
To fix the vulnerability, we recommend updating Image2PDF to the latest version.
Updating Image2PDF
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Image2PDF” and then press ENTER.
Image2PDF appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your version is already up to date. - Click OK.
The application is updated.
致谢: Tony Martin, a security researcher
修订历史: V1.0 (October 1, 2021) - Published
