CVE-2017-7631: XSS
First published: Tue Mar 27 2018(Updated: )
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | =4.2.6 | |
| QNAP QTS | =4.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7631?
CVE-2017-7631 is considered a high severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2017-7631?
To fix CVE-2017-7631, update your QNAP device to the latest version of QTS beyond 4.3.3.
Which versions of QTS are affected by CVE-2017-7631?
CVE-2017-7631 affects QNAP QTS versions 4.2.6 and 4.3.3 build 20170727 and earlier.
What type of attacks can CVE-2017-7631 enable?
CVE-2017-7631 can enable remote attackers to inject arbitrary web scripts or HTML into share links.
Is there a workaround for CVE-2017-7631 if I cannot update immediately?
As a temporary measure, you can limit access to the File Station and disable sharing links until the vulnerability is patched.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/qnap
- canonical/qnap qts
- version/qnap qts/4.2.6
- version/qnap qts/4.3.3