Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
References
Link | Resource |
---|---|
http://www.fortiguard.com/zeroday/FG-VD-15-103 | Third Party Advisory |
http://www.fortiguard.com/zeroday/FG-VD-15-104 | Third Party Advisory |
http://www.fortiguard.com/zeroday/FG-VD-15-109 | Third Party Advisory |
http://www.fortiguard.com/zeroday/FG-VD-15-112 | Third Party Advisory |
https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: synology
Published: 2015-12-13T00:00:00
Updated: 2017-06-30T12:57:01
Reserved: 2017-06-29T00:00:00
Link: CVE-2015-9102
JSON object: View
NVD Information
Status : Modified
Published: 2017-06-30T13:29:00.177
Modified: 2019-10-09T23:15:54.510
Link: CVE-2015-9102
JSON object: View
Redhat Information
No data.
CWE