CVE-2017-16771 - AskarLabs CVE Database

CVE-2017-16771

Vendor Synology

Product Photo Station

Weakness CWE-79 · XSS

Published March 22, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Key dates

02Disclosure timeline

March 22, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-16771 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-6997 ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function CVE-2023-0112 Cross-site Scripting (XSS) - Stored in usememos/memos CVE-2024-36194 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-1730 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-14114 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

Identifiers

CVE CVE-2017-16771

CWE CWE-79

Affected versions

Vendor Synology

Product Photo Station

Affected before 6.8.3-3463

Vendor Synology

Product Photo Station

Affected before 6.3-2971