安全ID : QSA-21-47
Reflected XSS Vulnerability in QmailAgent
发布日期 : November 12, 2021
通用漏洞披露 : CVE-2021-34357
受影响产品: QNAP NAS running QmailAgent
严重程度
Moderate
状态
已解决
Summary
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of QmailAgent:
- QmailAgent 3.0.2 (2021/08/25) and later
Recommendation
To fix the vulnerability, we recommend updating QmailAgent to the latest version.
Updating QmailAgent
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type “QmailAgent” and then press ENTER.
QmailAgent appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your QmailAgent is already up to date. - Click OK.
The application is updated.
致谢: Tony Martin, a security researcher
修订历史: V1.0 (November 12, 2021) - Published
