安全ID : QSA-25-40
Vulnerability in Notification Center
发布日期 : November 8, 2025
通用漏洞披露 : CVE-2025-54167
受影响产品: Notification Center 1.9.x, 2.1.x, 3.0.x
严重程度
Moderate
状态
已解决
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
| Affected Product | Fixed Version |
| Notification Center 1.9.x (for QTS 5.2.x, QuTS hero h5.2.x) | Notification Center 1.9.2.3163 and later |
| Notification Center 2.1.x (for QuTS hero h5.3.x) | Notification Center 2.1.0.3443 and later |
| Notification Center 3.0.x (for QuTS hero h5.6.x, h6.0.x) | Notification Center 3.0.0.3466 and later |
Recommendation
To fix the vulnerability, we recommend updating Notification Center to the latest version.
Updating Notification Center
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Notification Center" and then press ENTER.
Notification Center appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Notification Center is already up to date. - Click OK.
The system updates the application.
附件
致谢: Mohammad Abdullah - Infosec Researcher & Bugbounty hunter
修订历史:
V1.0 (November 8, 2025) - Published
