CVE-2012-1556
Synology Photo Station 5 for DiskStation Manager 3.2-1955 - Cross-Site Scripting via Name Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1556. PoCs published by Simon Ganiere.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Synology Photo Station. The PoC includes a crafted URL that injects arbitrary JavaScript code into the 'name' parameter, which is not properly sanitized by the application.
Description
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Synology Photo Station. The PoC includes a crafted URL that injects arbitrary JavaScript code into the 'name' parameter, which is not properly sanitized by the application.