Qnap: >> Photo Station Security Vulnerabilities
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-11-02
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-11-02
CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
Known exploited
CVSS Score
9.8
EPSS Score
0.934
Published
2019-12-05
CVE-2019-7195
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
Known exploited
CVSS Score
9.8
EPSS Score
0.89
Published
2019-12-05
CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Known exploited
CVSS Score
9.8
EPSS Score
0.943
Published
2019-12-05
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-02-01
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
CVSS Score
6.1
EPSS Score
0.044
Published
2018-08-27
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-23
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-06-09
Page 2