Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0715 — Cross-site Scripting in Qnap Photo Station

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

6.7%

top 8.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Qnap Photo Station

Timeline

PublishedAug 27

Latest updateMay 14

Description

Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDqnap/photo_station5.7.0

▶CVEListV5qnap/photo_stationversions 5.7.0 and earlier

🔴Vulnerability Details

GHSA

GHSA-6xx8-3r7c-vg48: Cross-site scripting vulnerability in QNAP Photo Station versions 5↗2022-05-14

▶

CVEList

CVE-2018-0715: Cross-site scripting vulnerability in QNAP Photo Station versions 5↗2018-08-27

▶

💥Exploits & PoCs

Exploit-DB

QNAP Photo Station 5.7.0 - Cross-Site Scripting↗2018-09-07

▶