Posted by Mark Cross on Jul 25

On the 7th of July 2015 I discovered a reflected cross-site scripting
(XSS) vulnerability in QNAP TS-x09 Network Attached Storage devices.
Full disclosure was undertaken with the vendor and a CVE-ID has been
requested from Mitre.

CVE-ID: requested via PGP email

7th July 2015
Author: Mark Cross
Twitter: @xerubus
WWW: www.mogozobo.com
Reference: http://www.mogozobo.com/?p=2574

====================
Summary
====================

A reflected…