CVE-2015-4656 — Cross-site Scripting in Synology Photo Station

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 47.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Photo Station

Timeline

PublishedJun 18

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDsynology/photo_station6.3-2944

🔴Vulnerability Details

GHSA

GHSA-7jjh-gj4g-86fp: Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6↗2022-05-17

▶

CVEList

CVE-2015-4656: Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6↗2015-06-18

▶