Cross-Site Scripting Vulnerability in QNAP Photo Station
CVE-2018-19955

6.1MEDIUM

Key Information:

Vendor: QNAP
Status: Photo Station
Vendor: CVE Published:; 2 November 2020

Summary

A cross-site scripting vulnerability in earlier versions of QNAP Photo Station enables remote attackers to inject malicious scripts, potentially compromising user data and leading to unauthorized actions. This issue affects versions prior to 5.7.11 and 6.0.10, highlighting the importance of keeping software updated to mitigate security risks.

Affected Version(s)

Photo Station < 5.7.11

Photo Station < 6.0.10

References

https://www.qnap.com/en/security-advisory/qsa-20-11

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 2, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators