Cross-Site Scripting Vulnerability in QNAP Photo Station
CVE-2018-19956

6.1MEDIUM

Key Information:

Vendor: QNAP
Status: Photo Station
Vendor: CVE Published:; 2 November 2020

What is CVE-2018-19956?

A cross-site scripting vulnerability exists in earlier versions of Photo Station by QNAP Systems Inc. This issue can be exploited by remote attackers to inject malicious scripts, which may compromise the security of user data and lead to unauthorized actions within the application. The affected versions include Photo Station versions prior to 5.7.11 and prior to 6.0.10, prompting users to upgrade to the latest versions to mitigate risks.

Affected Version(s)

Photo Station < 5.7.11

Photo Station < 6.0.10

References

https://www.qnap.com/en/security-advisory/qsa-20-11

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2020
Vulnerability Reserved
Dec 7, 2018

Credit

Independent Security Evaluators