Synology-SA-17:80 Photo Station
Publish Time: 2017-12-20 17:12:49 UTC+8
Last Updated: 2017-12-20 17:50:09 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Photo Station.
Updates for Affected Products
| Product | Severity | Latest Patch |
|---|---|---|
| Photo Station | Moderate | Upgrade to 6.8.0-3456 or above. |
Mitigation
None
Detail
- CVE-2017-12072
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1 | 2017-12-20 | Initial public release. |