CVE-2018-0715

6.1MEDIUM

Key Information:

Vendor: Qnap
Status: Photo Station
Vendor: CVE Published:; 27 August 2018

Summary

Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.

Affected Version(s)

Photo Station versions 5.7.0 and earlier

References

https://www.qnap.com/zh-tw/security-advisory/nas-201808-23

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/45348/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 27, 2018
Vulnerability Reserved
Nov 28, 2017