Lucene search

QnapCVELIST:CVE-2021-34355

HistoryOct 01, 2021 - 2:50 a.m.

CVE-2021-34355 Stored XSS Vulnerability in Photo Station

2021-10-0102:50:17

CWE-79

qnap

www.cve.org

cross-site scripting

qnap nas

remote attackers

malicious code

vulnerability fix

photo station.

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later

CNA Affected

[
  {
    "product": "Photo Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.4.10 ( 2021/08/19 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "5.7.13 ( 2021/08/19 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.18 ( 2021/09/01 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-42