CVE-2021-34354Cross-site Scripting in Systems INC Photo Station

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
CNA7.6
EPSS
0.3%
top 51.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Photo StationQnap Photo Station
Timeline
PublishedOct 1
Latest updateMay 24

Description

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDqnap/photo_station< 6.0.18
CVEListV5qnap_systems_inc/photo_stationunspecified6.0.18 ( 2021/09/01 )

🔴Vulnerability Details

2
GHSA
GHSA-rv2c-7323-hh89: A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station2022-05-24
CVEList
Stored Cross-site Scripting Vulnerability in Photo Station2021-10-01
CVE-2021-34354 — Cross-site Scripting | cvebase