This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2494
Reference (s):
- https://www.qnap.com/en/security-advisory/qsa-20-13
- URL: https://www.qnap.com/en/security-advisory/qsa-20-13