Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h184.108.40.2062 build 20201031 and later QTS 220.127.116.116 build 20201015 and later QTS 18.104.22.1684 build 20200702 and later QTS 22.214.171.1243 build 20200608 and later QTS 126.96.36.1998 build 20200703 and later QTS 188.8.131.525 build 20200611 and later QTS 4.2.6 build 20200611 and later
CWE-79 - Cross Site Scripting
Cross-Site Scripting, commonly referred to as XSS, is the most dominant class of vulnerabilities. It allows an attacker to inject malicious code into a pregnable web application and victimize its users. The exploitation of such a weakness can cause severe issues such as account takeover, and sensitive data exfiltration. Because of the prevalence of XSS vulnerabilities and their high rate of exploitation, it has remained in the OWASP top 10 vulnerabilities for years.