Cross-Site Scripting Vulnerability in QNAP Photo Station

CVE-2024-32768

Summary

A cross-site scripting (XSS) vulnerability has been identified in QNAP's Photo Station, potentially enabling remote attackers with valid user access to inject malicious code. This vulnerability can compromise the integrity of the application and expose sensitive user data. The issue has been addressed in Photo Station version 6.4.3, released on July 12, 2024, which eliminates the risk associated with this flaw. Users are strongly advised to update to this version or later to safeguard against potential exploits.

References