Vulnerability in QuLog Center on QTS, QuTS hero and QuTScloud

Summary

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center on several QNAP operating systems. If exploited, the vulnerability allows authenticated administrators to inject malicious code via network vector.

We have already fixed the vulnerability in the following operating system and QuLog Center versions:

• QTS 5.0.1: QuLog Center 1.5.0.738 (2023/03/06) and later
• QTS 4.5.4: QuLog Center 1.3.1.645 (2023/02/22) and later
• QuTS hero h5.0.1: QuLog Center 1.5.0.738 (2023/03/06) and later
• QuTS hero h4.5.4: QuLog Center 1.3.1.645 (2023/02/22) and later
• QuTscloud c5.0.1: QuLog Center 1.4.1.691 (2023/03/01) and later

Recommendation

To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model. In addition, for online activities, it's recommended to access the web through secure and trusted networks.

Updating QuLog Center

1. Log in to QTS, QuTS hero, QuTScloud, or QVP.
2. Open App Center and then click .
   A search box appears.
3. Enter "QuLog Center".
   QuLog Center appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if the application is already up to date.
5. Click OK.
   The application is updated.