安全ID : QSA-24-35
Vulnerability in Download Station
发布日期 : September 7, 2024
通用漏洞披露 : CVE-2024-38640
受影响产品: Download Station 5.8.x
严重程度
Moderate
状态
已解决
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| Download Station 5.8.x | Download Station 5.8.6.283 (2024/06/21) and later |
Recommendation
To fix the vulnerability, we recommend updating Download Station to the latest version.
Updating Download Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Download Station" and then press ENTER.
Download Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Download Station is already up to date. - Click OK.
The application is updated.
附件
致谢: Mohammad Abdullah - Infosec Researcher & Bugbounty hunter
修订历史:
V1.0 (September 07, 2024) - Published
