Security ID : QSA-23-52
Vulnerabilities in Video Station
Release date : October 14, 2023
CVE identifier : CVE-2023-34975 | CVE-2023-34976 | CVE-2023-34977
Affected products: Video Station 5.7.x
Severity
Important
Status
Resolved
Summary
Three vulnerabilities have been reported to affect Video Station:
- CVE-2023-34975 and CVE-2023-34976: SQL injection vulnerabilities
- CVE-2023-34977: Cross-site scripting (XSS) vulnerability
If exploited, these vulnerabilities could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| Video Station 5.7.x | Video Station 5.7.0 (2023/07/27) and later |
Recommendation
To fix the vulnerability, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type "Video Station" and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The application is updated.
Attachment
Acknowledgements: Kaibro
Revision History:
V1.0 (October 14, 2023) - Published
