CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-16771
https://notcve.org/view.php?id=CVE-2017-16771
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en Log Viewer en Synology Photo Station, en versiones anteriores a la 6.8.3-3463 y anteriores a la 6.3-2971, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro username. • https://www.synology.com/en-global/support/security/Synology_SA_18_02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-16772
https://notcve.org/view.php?id=CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. Vulnerabilidad de validación de entradas incorrecta en PixlrEditorHandler.php en SYNOPHOTO_Flickr_MultiUpload en Synology Photo Station, en versiones anteriores a la 6.8.3-3463 y a la 6.3-2971, permite que usuarios autenticados remotos ejecuten código arbitrario mediante el parámetro prog_id. • https://www.synology.com/en-global/support/security/Synology_SA_18_02 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12072
https://notcve.org/view.php?id=CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en PixlrEditorHandler.php en Synology Photo Station en versiones anteriores a la 6.8.0-3456 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro id. • https://www.synology.com/en-global/support/security/Synology_SA_17_80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12079
https://notcve.org/view.php?id=CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. Vulnerabilidad de archivos o directorios accesibles para terceros en picasa.php en Synology Photo Station en versiones anteriores a la 6.8.1-3458 y a la 6.3-2970 permite que atacantes remotos obtengan archivos arbitrarios mediante el campo prog_id. • https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12080
https://notcve.org/view.php?id=CVE-2017-12080
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. Una vulnerabilidad de exposición de información en el archivo de configuración HTTP por defecto en Synology Photo Station en versiones anteriores a la 6.8.1-3458 y a la 6.3-2970 permite que atacantes remotos obtengan información sensible del sistema mediante el archivo .htaccess. • https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •