Cross-Site Scripting Vulnerability in Synology Photo Station for DiskStation Manager
CVE-2012-1556

Currently unrated

Key Information:

Vendor: Synology
Status: Diskstation Manager; Synology Photo Station
Vendor: CVE Published:; 12 September 2014

Summary

An XSS vulnerability exists in Synology Photo Station 5 for DiskStation Manager 3.2-1955 that could be exploited by remote attackers. By manipulating the name parameter in requests to photo/photo_one.php, attackers can inject and execute arbitrary web scripts or HTML. This poses significant risks, including unauthorized access to user credentials and exposure of sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/73976

vdb-entryx_refsource_XF

http://osvdb.org/80034

vdb-entryx_refsource_OSVDB

http://archives.neohapsis.com/archives/bugtraq/2012-03/00...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 12, 2014
Vulnerability Reserved
Mar 10, 2012