Synology DiskStation Manager Cross-site Scripting (CVE-2012-1556)

Cross-site scripting XSS vulnerability in Synology Photo Station 5 for DiskStation Manager DSM 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photoone.php. This plugin only works with Tenable.ot. Please visit...

CVE-2012-1556

CVE-2012-1556 is a reflected XSS vulnerability in Synology Photo Station 5 on DSM 3.2-1955, where input in the name parameter to photo/photo_one.php is not properly sanitized. The root cause is improper verification of the name input, enabling remote attackers to inject arbitrary scripts. Impacts...

Synology Photo Station 5 - Reflected Cross-Site Scripting

Title : Photo Station 5 - Reflected Cross-Site Scripting Author : Simon Ganiere Vendor : http://www.sinology.com Advisory : CVE-2012-1556 Software : Photo Station 5 - DSM 3.2 1955 Date : 05/02/2012 30/01/2012 Issue Discovered 05/02/2012 Vendor Notified 06/03/2012 Vendor released DSM 4 Class:...

CVE-2012-1556

creationtimestamp| type| source ---|---|--- 2012-03-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36944...