CVE-2024-32767 MEDIUM

CVE-2024-32767: Photo Station

Vendor Qnap Systems Inc.
Product Photo Station
Weakness CWE-79 · XSS
Published November 22, 2024
Last update November 22, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later

Key dates

02Disclosure timeline

November 22, 2024 CVE published
November 22, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-8199 MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget CVE-2021-36870 WordPress WP Google Maps plugin <= 8.1.12 - Multiple Authenticated Persistent XSS vulnerabilities CVE-2013-10022 BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting CVE-2022-2300 Cross-site Scripting (XSS) - Stored in microweber/microweber CVE-2025-10316 Cross-Site Scripting in extension "Form to Database" (form_to_database)