cbcvebase.
CVE-2020-2491
published 2020-12-10

CVE-2020-2491: This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the…

PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.98%
57.8th percentile
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later

Affected

10 ranges
VendorProductVersion rangeFixed in
qnapphoto_station< 6.0.126.0.12
qnapphoto_station< 5.7.125.7.12
qnapphoto_station< 5.7.135.7.13
qnapphoto_station< 5.4.105.4.10
qnapphoto_station< 5.2.115.2.11
qnap_systems_incphoto_station< 6.0.126.0.12
qnap_systems_incphoto_station< 5.7.125.7.12
qnap_systems_incphoto_station< 5.7.135.7.13
qnap_systems_incphoto_station< 5.4.105.4.10
qnap_systems_incphoto_station< 5.2.115.2.11

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.