The Accoria web server, also known as Rock Web Server, contains several vulnerabilities. WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software. FireEye has found a kill switch, and Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack. The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems, the Department of Homeland Security said in an advisory.
Source: https://threatpost.com/us-cert-rock-web-server-has-xss-vulns-060110/74041/