CVE-2017-13073 — Cross-site Scripting in Qnap Photo Station

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 51.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Photo Station

Timeline

PublishedApr 23

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDqnap/photo_station5.2.0 — 5.2.7+1

▶CVEListV5qnap/photo_stationversions 5.2.7 and earlier for QTS 4.2.x, versions 5.4.3 and earlier for QTS 4.3.x+1

🔴Vulnerability Details

GHSA

GHSA-8wjw-3m53-2385: Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5↗2022-05-14

▶

CVEList

CVE-2017-13073: Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5↗2018-04-23

▶