CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34354 – Stored Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34354
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2502 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2502
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station, permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. Photo Station versiones 6.0.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-21-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2491
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. QTS versión 4.5.1: Photo Station versión 6.0.12 y posterior, QTS versión 4.4.3: Photo Station versión 6.0.12 y posterior, QTS versión 4.3.6: Photo Station versión 5.7.12 y posterior, QTS versión 4.3.4: Photo Station versión 5.7.13 y posterior, QTS versión 4.3.3: Photo Station versión 5.4.10 y posterior, QTS versión 4.2.6: Photo Station versión 5.2.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-20-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19956
https://notcve.org/view.php?id=CVE-2018-19956
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado la vulnerabilidad de tipo cross-site scripting que afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19955
https://notcve.org/view.php?id=CVE-2018-19955
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado una vulnerabilidad de tipo cross-site scripting afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •