CVE-2020-2502Cross-site Scripting in Systems INC Photo Station

CWE-79Cross-site ScriptingCWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 53.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Photo StationQnap Photo Station
Timeline
PublishedFeb 17
Latest updateMay 24

Description

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDqnap/photo_station< 6.0.11
CVEListV5qnap_systems_inc/photo_stationunspecified6.0.11

🔴Vulnerability Details

2
GHSA
GHSA-rfgf-6g5x-fx98: This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code2022-05-24
CVEList
Cross-site Scripting Vulnerability in Photo Station2021-02-17
CVE-2020-2502 — Cross-site Scripting | cvebase