CVE-2020-2502

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later

Published: Feb 17, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-2502
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
qnap / photo_station	-	6.0.11

https://www.qnap.com/en/security-advisory/qsa-21-06

Vulnerability Database

291,049

CVE-2020-2502