Lucene search

QnapCVELIST:CVE-2021-34356

HistoryOct 01, 2021 - 2:50 a.m.

CVE-2021-34356 Stored XSS Vulnerability in Photo Station

2021-10-0102:50:19

CWE-79

qnap

www.cve.org

cve-2021-34356

stored xss

photo station

remote attackers

malicious code

vulnerability

qnap device

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later

CNA Affected

[
  {
    "product": "Photo Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "6.0.18 ( 2021/09/01 )",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-21-41