This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2493
Reference (s):
- https://www.qnap.com/en/security-advisory/qsa-20-14
- URL: https://www.qnap.com/en/security-advisory/qsa-20-14