CVE-2017-13072: XSS
First published: Thu Jun 21 2018(Updated: )
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | =4.2.6 | |
| QNAP QTS | =4.3.3 | |
| QNAP QTS | =4.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-13072?
CVE-2017-13072 is classified with a medium severity due to the potential for remote code execution via cross-site scripting.
How do I fix CVE-2017-13072?
To fix CVE-2017-13072, users should update their QNAP QTS firmware to the latest version that addresses this vulnerability.
Which versions of QNAP QTS are affected by CVE-2017-13072?
CVE-2017-13072 affects QNAP QTS versions 4.2.6, 4.3.3, and 4.3.4, including earlier versions.
What is cross-site scripting in the context of CVE-2017-13072?
Cross-site scripting, in the context of CVE-2017-13072, allows attackers to inject malicious JavaScript code into web applications, which can then be executed in the context of the user's browser.
Can CVE-2017-13072 be exploited remotely?
Yes, CVE-2017-13072 can be exploited remotely by attackers to execute injected scripts without requiring physical access to the device.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/qnap
- canonical/qnap qts
- version/qnap qts/4.2.6
- version/qnap qts/4.3.3
- version/qnap qts/4.3.4