CVE-2023-47561

2024-02-0216:15:51

CWE-79

qnap

web.nvd.nist.gov

xss

vulnerability

photo station

authenticated users

code injection

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

14.0%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.

We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later

Affected configurations

Nvd

Node

qnapphoto_stationRange6.4.0–6.4.2

VendorProductVersionCPE
qnapphoto_station*cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	photo_station	*	cpe:2.3:a:qnap:photo_station::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Photo Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "6.4.2 ( 2023/12/15 )",
        "status": "affected",
        "version": "6.4.x",
        "versionType": "custom"
      }
    ]
  }
]