3 matches found
CVE-2017-12072
Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...
CVE-2017-12072
Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...
CVE-2017-12072
Synology Photo Station is affected by a Cross-Site Scripting (XSS) vulnerability in PixlrEditorHandler.php. The issue allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter in versions earlier than 6.8.0-3456. Root cause: improper handling of the id paramet...