Search

安全ID : QSA-22-04

XSS Vulnerabilities in Proxy Server

  • 发布日期 : February 25, 2022

  • 通用漏洞披露 : CVE-2021-34359 | CVE-2021-34361

  • 受影响产品: QNAP NAS running Proxy Server

严重程度

Moderate

状态

已解决

Summary

Cross-site scripting (XSS) vulnerabilities have been reported to affect QNAP NAS running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.

We have already fixed this vulnerability in the following versions of Proxy Server:

  • QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later

Recommendation

To fix the vulnerabilities, we recommend updating Proxy Server to the latest version.

Updating Proxy Server

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Enter "Proxy Server".
    Proxy Server appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your application is already up to date.
  5. Click OK.
    The application is updated.

致谢: Tony Martin, a security researcher

修订历史: V1.0 (February 25, 2022) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top