Synology: >> Photo Station >> 6.8 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-12-20
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-12-04
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-12-04
Page 2