Multiple vulnerabilities in QNAP QTS
CERT-FR, October 29, 2020
Multiple vulnerabilities have been discovered in QNAP QTS. They allow an attacker to cause remote arbitrary code execution and remote indirect code injection (XSS). (Sources)
QNAP Security Bulletin QSA-20-10 dated October 29, 2020
QNAP Security Bulletin QSA-20-11 dated October 29, 2020
Qnap Systems, Inc. is a Taiwan-based IT manufacturer specializing in network storage solutions for individuals and businesses. Wikipedia
Cross-site scripting (XSS) is a type of website security vulnerability that allows content to be injected into a page, thereby causing actions on web browsers visiting the page. Wikipedia