Vulnerability in Qnap Qts

CVE-2018-0711

Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.

EPSS: 0.002 (45.8th percentile) — read the EPSS interpretation.

Affected products

Qnap Qts — versions QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315 and earlier

References

www.qnap.com/zh-tw/security-advisory/nas-201804-27 (x_refsource_CONFIRM)
1040779 (vdb-entry, x_refsource_SECTRACK)