Qnap: >> Video Station >> 5.8.3 Security Vulnerabilities
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
Video Station 5.8.4 and later
CVSS Score
8.8
EPSS Score
0.001
Published
2025-10-03
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
CVSS Score
4.6
EPSS Score
0.002
Published
2023-10-13