Lucene search

Synology Photo Station Security Vulnerabilities - CVSS Score 5 - 6

cve

CVE-2015-9102

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of th...

5.4CVSS

5.1AI Score

0.002EPSS

2017-06-30 01:29 PM

cve

CVE-2017-12072

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

5.4CVSS

5.1AI Score

0.001EPSS

2017-12-20 06:29 PM

cve

CVE-2017-12080

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

5.3CVSS

5.1AI Score

0.002EPSS

2017-12-04 07:29 PM

cve

CVE-2017-16769

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

5.3CVSS

5.2AI Score

0.001EPSS

2018-02-23 10:29 PM

cve

CVE-2017-9555

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

5.4CVSS

5.4AI Score

0.001EPSS

2017-08-24 07:29 PM