Qnap: >> Photo Station >> 6.4.0 Security Vulnerabilities
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
CVSS Score
7.4
EPSS Score
0.004
Published
2024-02-02
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
CVSS Score
5.5
EPSS Score
0.001
Published
2024-02-02