
Qnap Security Advisory | Bulletin ID: QSA-22-04

Concerning XSS vulnerabilities in proxy server

Qnap Systems, Inc. has published a security enhancement addressing vulnerabilities that could affect specific versions of the company’s products.

Use the following information and solutions to correct the security issues and vulnerabilities.

XSS vulnerabilities in Proxy Server
Release date: February 25, 2022 
Security ID: QSA-22-04 
Severity: Medium 
CVE identifier: CVE-2021-34359 | CVE-2021-34361 
Affected products: Qnap NAS running Proxy Server

Summary
Cross-site scripting (XSS) vulnerabilities have been reported to affect Qnap NAS running Proxy Server. If exploited, these vulnerabilities allow remote attackers to inject malicious code.

The company has already fixed these vulnerabilities in the following versions of Proxy Server:

  • QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later


Recommendation
To fix the vulnerabilities, Qnap recommends updating Proxy Server to the latest version.

Updating Proxy Server

  1. Log on to QTS as administrator.

  2. Open the App Center and then click the magnifying glass icon.
    A search box appears.

  3. Enter ‘Proxy Server’. 
    Proxy Server appears in the search results.

  4. Click Update.
    A confirmation message appears. 
    Note: The Update button is not available if your application is already up to date.

  5. Click OK.
    The application is updated.

Acknowledgements: Tony Martin, a security researcher 
Revision history: V1.0 (February 25, 2022) – Published
