CVEDB API

Vulnerabilities

Vulnerable Software

Synology: >> Photo Station >> 6.8.0-3456 Security Vulnerabilities

CVE-2017-16771

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CVSS Score

6.1

EPSS Score

0.003

Published

2018-03-22

CVE-2017-16772

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

CVSS Score

8.8

EPSS Score

0.014

Published

2018-03-22

CVE-2017-12079

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.

CVSS Score

7.5

EPSS Score

0.003

Published

2017-12-04

CVE-2017-12080

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

CVSS Score

5.3

EPSS Score

0.002

Published

2017-12-04

Page 2

Vulnerabilities

Vulnerable Software

Synology: >> Photo Station >> 6.8.0-3456 Security Vulnerabilities

Products

Pricing

Contact Us