What are you looking for ?
Advertise with us
Advertise with us

Qnap Security Advisory QSA-21-47

Status resolved, concerning reflected XSS vulnerability in QmailAgent

Qnap Systems, Inc. has published a security advisory concerning reflected XSS vulnerability in QmailAgent.

  • Release date: November 12, 2021

  • Security ID: QSA-21-47

  • Severity: Medium

  • CVE identifier: CVE-2021-34357

  • Affected products: Qnap NAS running QmailAgent

  • Status: Resolved

Summary
A reflected cross-site scripting (XSS) vulnerability has been reported to affect Qnap NAS running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code.

The company have already fixed this vulnerability in the following versions of QmailAgent:

  • QmailAgent 3.0.2 (2021/08/25) and later

Recommendation
To fix the vulnerability, we recommend updating QmailAgent to the latest version.

Updating QmailAgent

  1. Log on to QTS or QuTS hero as administrator.

  2. Open the App Center and then click .Qnap Loupe
    A search box appears.

  3. Type ‘QmailAgent’ and then press ENTER.
    QmailAgent appears in the search results.

  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your QmailAgent is already up to date.

  5. Click OK.
    The application is updated.

Acknowledgements: Tony Martin, a security researcher

Revision history: V1.0 (November 12, 2021) – Published

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E
RAIDON