CVE-2024-32768Cross-site Scripting in Systems INC Photo Station

CWE-79Cross-site ScriptingCWE-190Integer Overflow or WraparoundCWE-404Improper Resource Shutdown or ReleaseCWE-20Improper Input Validation6 documents4 sources
Severity
5.4MEDIUMNVD
CNA6.3
EPSS
0.2%
top 63.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Photo StationQnap Photo Station
Timeline
PublishedNov 22
Latest updateFeb 27

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDqnap/photo_station6.4.06.4.3
CVEListV5qnap_systems_inc/photo_station6.4.x6.4.3 ( 2024/07/12 )

🔴Vulnerability Details

2
CVEList
Photo Station2024-11-22
GHSA
GHSA-6mqr-4g8p-wrvx: A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station2024-11-22

📋Vendor Advisories

3
Red Hat
kernel: rtc: tps6594: Fix integer overflow on 32bit systems2025-02-27
Red Hat
kernel: erofs: handle overlapped pclusters out of crafted images properly2024-10-21
Red Hat
kernel: net: atlantic: Fix DMA mapping for PTP hwts ring2024-04-02
CVE-2024-32768 — Cross-site Scripting | cvebase