CVE-2020-2495: Cross-site scripting vulnerability in QTS and QuTS hero
First published: Thu Dec 10 2020(Updated: )
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QuTS hero | <4.5.1.1472 | |
| QNAP QTS | <4.5.1.1456 | |
| QNAP QTS | <4.4.3.1354 | |
| QNAP QTS | <4.3.6.1333 | |
| QNAP QTS | <4.3.4.1368 | |
| QNAP QTS | <4.3.3.1315 | |
| QNAP QTS | <4.2.6 |
Remedy
QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/qnap
- canonical/qnap quts hero
- canonical/qnap qts