What is the severity of CVE-2018-0711?

CVE-2018-0711 has been classified as a medium severity vulnerability.

How do I fix CVE-2018-0711?

To fix CVE-2018-0711, update your QNAP QTS to version 4.3.4.0604 or later.

What types of attacks are possible due to CVE-2018-0711?

CVE-2018-0711 allows attackers to perform cross-site scripting attacks which can lead to session hijacking and data theft.

Which versions of QNAP QTS are affected by CVE-2018-0711?

CVE-2018-0711 affects QTS versions 4.3.3 and 4.3.4 prior to the latest patch released.

Can CVE-2018-0711 be exploited remotely?

Yes, CVE-2018-0711 can be exploited remotely by attackers if they can access the vulnerable QNAP QTS instance.

Vulnerability/
CVE-2018-0711

medium

6.1

CWE

30/4/2018

16/9/2024

CVE-2018-0711: XSS

First published: Mon Apr 30 2018(Updated: )

Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=4.3.3.0514
QNAP QTS	=4.3.3.0546
QNAP QTS	=4.3.3.0570
QNAP QTS	=4.3.4.0516
QNAP QTS	=4.3.4.0526
QNAP QTS	=4.3.4.0551
QNAP QTS	=4.3.4.0557
QNAP QTS	=4.3.4.0561
QNAP QTS	=4.3.4.0569
QNAP QTS	=4.3.4.0593
QNAP QTS	=4.3.4.0597
QNAP QTS	=4.3.4.0604

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-0711?
CVE-2018-0711 has been classified as a medium severity vulnerability.
How do I fix CVE-2018-0711?
To fix CVE-2018-0711, update your QNAP QTS to version 4.3.4.0604 or later.
What types of attacks are possible due to CVE-2018-0711?
CVE-2018-0711 allows attackers to perform cross-site scripting attacks which can lead to session hijacking and data theft.
Which versions of QNAP QTS are affected by CVE-2018-0711?
CVE-2018-0711 affects QTS versions 4.3.3 and 4.3.4 prior to the latest patch released.
Can CVE-2018-0711 be exploited remotely?
Yes, CVE-2018-0711 can be exploited remotely by attackers if they can access the vulnerable QNAP QTS instance.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/severity
agent/author
agent/weakness
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/4.3.3.0514
version/qnap qts/4.3.3.0546
version/qnap qts/4.3.3.0570
version/qnap qts/4.3.4.0516
version/qnap qts/4.3.4.0526
version/qnap qts/4.3.4.0551
version/qnap qts/4.3.4.0557
version/qnap qts/4.3.4.0561
version/qnap qts/4.3.4.0569
version/qnap qts/4.3.4.0593
version/qnap qts/4.3.4.0597
version/qnap qts/4.3.4.0604

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.