CVE-2023-47561 — Cross-site Scripting in Systems INC Photo Station

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA5.5

EPSS

0.1%

top 71.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Photo Station Qnap Photo Station

Timeline

PublishedFeb 2

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDqnap/photo_station6.4.0 — 6.4.2

▶CVEListV5qnap_systems_inc/photo_station6.4.x — 6.4.2 ( 2023/12/15 )

🔴Vulnerability Details

GHSA

GHSA-27rv-vgm8-cv35: A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station↗2024-02-02

▶

CVEList

Photo Station↗2024-02-02

▶