CVE-2021-34356 HIGH

CVE-2021-34356: Stored XSS Vulnerability in Photo Station

Vendor Qnap Systems Inc.

Product Photo Station

Weakness CWE-79 · XSS

Published October 1, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later

Key dates

02Disclosure timeline

October 1, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-34356 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2021-34356

CWE CWE-79

CVSS 7.6 / HIGH

Affected versions