XSS Vulnerability in QNAP Photo Station Software
CVE-2024-32769
Currently unrated
Summary
A cross-site scripting (XSS) vulnerability has been identified in QNAP's Photo Station software. This flaw allows remote attackers, who have obtained user access, to inject malicious scripts into web pages viewed by other users. Such exploits could lead to unauthorized access or manipulation of sensitive user data. The issue has been addressed in version 6.4.3, released on July 12, 2024, and users are advised to upgrade to this version or later to mitigate potential security risks.
References
Timeline
Vulnerability published