Photo Station Security Vulnerabilities and Issues — Photo Station CVE List

Lucene search

SynologyPhoto Station

5 matches found

CVE•added 2017/12/20 6:29 p.m.•48 views

CVE-2017-12072

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

5.4CVSS5.1AI score0.00187EPSS

CVE•added 2017/12/04 7:29 p.m.•40 views

CVE-2017-12080

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

5.3CVSS5.1AI score0.0023EPSS

CVE•added 2018/02/23 10:29 p.m.•38 views

CVE-2017-16769

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

5.3CVSS5.2AI score0.0023EPSS

CVE•added 2017/08/24 7:29 p.m.•38 views

CVE-2017-9555

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

5.4CVSS5.4AI score0.00234EPSS

CVE•added 2017/06/30 1:29 p.m.•35 views

CVE-2015-9102

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of th...

5.4CVSS5.1AI score0.00327EPSS