Cross site scripting

2015-06-1818:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.

CPENameOperatorVersion
photo_stationeq<= 6.3-2944

CPE	Name	Operator	Version
	photo_station	eq	<= 6.3-2944

References

seclists.org/fulldisclosure/2015/May/110

www.securityfocus.com/bid/74816

www.securify.nl/advisory/SFY20150504/synology_photo_station_multiple_cross_site_scripting_vulnerabilities.html

www.synology.com/en-us/support/security/Photo_Station_2945