Important Information Regarding Photo Station Vulnerability
Publish Time: UTC+8
Last Updated: UTC+8
- Severity: Low
- Status: Resolved
Abstract
A reflected XSS vulnerability has been found in Photo Station that allows attackers to inject client-side scripts into web pages viewed by other users.
Severity
Low
Affected
- Products: Photo Station earlier than 6.7.0-3414
- Models: All Synology models
Description
Photo Station earlier than 6.7.0-3414 does not escape special characters in image parameters, allowing remote attackers to conduct reflected cross-site scripting (XSS) attacks via the modified parameters in an HTTP URL.
Mitigation
DSM 6.0 & DSM 6.1
Go to Control Panel > Security > Security, and select Improve security with HTTP Content Security Policy (CSP) header.
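The following added example illustrates the two points made in the Description and Mitigation sections: an image parameter reflected into HTML without escaping, the same rendering with output escaping applied, and a Content Security Policy response header as defence in depth. It is not Photo Station code and is written in Python rather than the package's own language; the parameter name `image`, the page template, the sample URL and the CSP policy values are all constructed for the illustration and are not taken from the advisory or from DSM.

```python
"""Reflected XSS: an image parameter echoed into HTML unescaped, beside the
escaped form and a CSP header. Added example, not Photo Station code. The
'image' parameter name, template and policy values are assumptions."""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request URL for the demonstration (not from the advisory).
# The attribute-breaking text in the value stands in for any untrusted input.
SAMPLE_URL = 'https://nas.example/photo/view?image=sunset.jpg"><script>x()</script>'


def image_param(url: str) -> str:
    """Return the 'image' query parameter as the server would receive it."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("image", [""])[0]


def render_vulnerable(image: str) -> str:
    """Interpolate the parameter verbatim into an HTML attribute.

    This is the defect class the advisory describes: a quote in the value
    closes the attribute and the remainder is parsed as markup.
    """
    return f'<img src="/photos/{image}" alt="{image}">'


def render_hardened(image: str) -> str:
    """Escape &, <, > and both quote characters before interpolation, so
    user-supplied text can neither terminate the attribute nor add tags."""
    safe = html.escape(image, quote=True)
    return f'<img src="/photos/{safe}" alt="{safe}">'


def csp_headers() -> dict[str, str]:
    """Defence-in-depth headers: a CSP that allows scripts only from the
    site's own origin, so an injected inline <script> is not executed even
    if an escaping bug slips through. Values are illustrative."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def handle(url: str, hardened: bool = True) -> tuple[str, dict[str, str]]:
    """Minimal request handler returning (body, headers) for either variant."""
    image = image_param(url)
    if hardened:
        return render_hardened(image), csp_headers()
    return render_vulnerable(image), {}


if __name__ == "__main__":
    for mode in (False, True):
        body, headers = handle(SAMPLE_URL, hardened=mode)
        print("hardened" if mode else "vulnerable", "->", body)
        for name, value in headers.items():
            print("   ", name + ":", value)
```

Running the module prints the vulnerable rendering, in which the constructed value has closed the `src` attribute and introduced a `<script>` tag, followed by the hardened rendering, in which the same characters appear as `&quot;`, `&lt;` and `&gt;` entities and the response carries the CSP header. Escaping at the point of output is the actual fix; the CSP setting the advisory recommends limits what an injected script could do while the package is not yet updated.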
Update Availability
To fix the security issue, go to DSM > Package Center, and update Photo Station to the latest version (6.7.0-3414) to protect your Synology NAS from malicious attacks.