CVE-2017-12072 - AskarLabs CVE Database

CVE-2017-12072

Vendor Synology

Product Photo Station

Weakness CWE-79 · XSS

Published December 20, 2017

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

Key dates

02Disclosure timeline

December 20, 2017 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12072 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-42159 Flowsint: Stored XSS in description of node CVE-2026-32273 Discourse: XSS on category description update via API CVE-2024-29909 WordPress Travelers' Map plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-38045 Extension - admiror-design-studio.com - XSS in Admiror Gallery component for Joomla 5.0.0-5.2.0 CVE-2014-2370 Omron NS Series HMI Improper Neutralization of Input During Web Page Generation