vulnerability
QNAP QTS: CVE-2023-23357: Vulnerability in QuLog Center on QTS, QuTS hero and QuTScloud
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:M/C:P/I:P/A:N) | Sep 8, 2023 | Aug 4, 2025 | Oct 16, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:M/C:P/I:P/A:N)
Published
Sep 8, 2023
Added
Aug 4, 2025
Modified
Oct 16, 2025
Description
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center on several QNAP operating systems. If exploited, the vulnerability allows authenticated administrators to inject malicious code via network vector. We have already fixed the vulnerability in the following operating system and QuLog Center versions: QTS 5.0.1: QuLog Center 1.5.0.738 (2023/03/06) and later QTS 4.5.4: QuLog Center 1.3.1.645 (2023/02/22) and later QuTS hero h5.0.1: QuLog Center 1.5.0.738 (2023/03/06) and later QuTS hero h4.5.4: QuLog Center 1.3.1.645 (2023/02/22) and later QuTscloud c5.0.1: QuLog Center 1.4.1.691 (2023/03/01) and later
Solution
qnap-qts-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.