CVE-2018-19954

MEDIUM

QNAP Systems Inc. Photo Station <5.7.11, <6.0.10 - XSS

Title source: llm
STIX 2.1

Description

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.qnap.com/en/security-advisory/qsa-20-11

Scores

CVSS v3 6.1
EPSS 0.0042
EPSS Percentile 61.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-80 CWE-79
Status published
Products (1)
qnap/photo_station 5.7.0 - 5.7.11
Published Nov 02, 2020
Tracked Since Feb 18, 2026