Synology-SA-17:80 Photo Station

Publish Time: 2017-12-20 17:12:49 UTC+8

Last Updated: 2017-12-20 17:50:09 UTC+8

Severity
Moderate
Status
Resolved

Abstract

A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Photo Station.

Updates for Affected Products

Product Severity Latest Patch
Photo Station Moderate Upgrade to 6.8.0-3456 or above.

Mitigation

None

Detail

  • CVE-2017-12072
    • Severity: Moderate
    • CVSS3 Base Score: 5.4
    • CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    • Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

Revision History

Revision Date Description
1 2017-12-20 Initial public release.