Severity

High

Analysis Summary

CVE-2021-28803

A stored XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows attackers to inject malicious code.

CVE-2020-36194

An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code.

Impact

• Cross-site scripting

Affected Vendors

QNAP

Affected Products

• Q’center 1.11.1004 and later
• QTS 4.5.2.1566 Build 20210202 and later
• QuTS hero h4.5.2.1638 build 20210414 and late\

Remediation

• For QTS and QuTS hero follow the below-mentioned link https://www.qnap.com/en/security-advisory/qsa-21-31

• For Q’center follow the below-mentioned link https://www.qnap.com/en/security-advisory/qsa-21-32