CVE-2020-2491Cross-site Scripting in Systems INC Photo Station

CWE-79Cross-site ScriptingCWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 49.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Photo StationQnap Photo Station
Timeline
PublishedDec 10
Latest updateMay 24

Description

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDqnap/photo_station< 6.0.12+4
CVEListV5qnap_systems_inc/photo_station< 6.0.12+4

🔴Vulnerability Details

2
GHSA
GHSA-whf5-659f-c55w: This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code2022-05-24
CVEList
Cross-site Scripting Vulnerability in Photo Station2020-12-10
CVE-2020-2491 — Cross-site Scripting | cvebase