Cross-Site Scripting Vulnerability in QNAP Photo Station by QNAP Systems Inc.
CVE-2018-19954

6.1MEDIUM

Key Information:

Vendor: QNAP
Status: Photo Station
Vendor: CVE Published:; 2 November 2020

Summary

A cross-site scripting vulnerability exists in earlier versions of Photo Station from QNAP Systems Inc. This flaw enables remote attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or manipulation. Users should ensure they are running Photo Station versions 5.7.11 or later, or 6.0.10 or later to mitigate this issue. For more information, you can refer to the official security advisory.

Affected Version(s)

Photo Station < 5.7.11

Photo Station < 6.0.10

References

https://www.qnap.com/en/security-advisory/qsa-20-11

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 2, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators