CVE-2021-29091
https://notcve.org/view.php?id=CVE-2021-29091
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") en el componente file management en Synology Photo Station versiones anteriores a 6.8.14-3500, permite a usuarios remotos autenticados escribir archivos arbitrarios por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-29092
https://notcve.org/view.php?id=CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de carga sin restricciones de archivos de tipo peligroso en el componente file management en Synology Photo Station versiones anteriores a 6.8.14-3500, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_20 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-2502 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2502
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station, permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. Photo Station versiones 6.0.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-21-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2491
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. QTS versión 4.5.1: Photo Station versión 6.0.12 y posterior, QTS versión 4.4.3: Photo Station versión 6.0.12 y posterior, QTS versión 4.3.6: Photo Station versión 5.7.12 y posterior, QTS versión 4.3.4: Photo Station versión 5.7.13 y posterior, QTS versión 4.3.3: Photo Station versión 5.4.10 y posterior, QTS versión 4.2.6: Photo Station versión 5.2.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-20-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2018-19956
https://notcve.org/view.php?id=CVE-2018-19956
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado la vulnerabilidad de tipo cross-site scripting que afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •