CVE-2017-13073

6.1MEDIUM

Key Information:

Vendor: Qnap
Status: Photo Station
Vendor: CVE Published:; 23 April 2018

Summary

Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.

Affected Version(s)

Photo Station versions 5.4.3 and earlier for QTS 4.3.x

Photo Station versions 5.2.7 and earlier for QTS 4.2.x

References

https://www.qnap.com/zh-tw/security-advisory/nas-201804-23

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2018
Vulnerability Reserved
Aug 22, 2017