QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
6.9AI Score
0.004EPSS
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version:Photo Station 6.4.2 ( 2023/12/15 ) and later
5.5CVSS
5.6AI Score
0.0004EPSS