Synology: >> Photo Station >> 6.8.1-3458 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-22
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
CVSS Score
8.8
EPSS Score
0.014
Published
2018-03-22
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-02-23
Page 2