Security ID : QSA-25-24

Vulnerability in Photo Station


  • Release date : August 29, 2025

  • CVE identifier : CVE-2024-12923

  • Affected products: Photo Station 6.4.x

Severity

Moderate

Status

Resolved


Summary

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains access to a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data.

  

We have already fixed the vulnerability in the following version:

Affected Product Fixed Version
Photo Station 6.4.x Photo Station 6.4.5 (2025/01/02) and later

Recommendation

To fix the vulnerability, we recommend updating Photo Station to the latest version.

Updating Photo Station

  1. Log on to QTS or QuTS hero as an administrator.
  2. Open App Center and then click .
    A search box appears.
  3. Type "Photo Station" and then press ENTER.
    Photo Station appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Photo Station is already up to date.
  5. Click OK.
    The system updates the application.

  

Attachment

Acknowledgements: Searat and izut

Revision History:
V1.0 (August 29, 2025) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      back to top