Security ID : QSA-25-24
Vulnerability in Photo Station
Release date : August 29, 2025
CVE identifier : CVE-2024-12923
Affected products: Photo Station 6.4.x
Severity
Moderate
Status
Resolved
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains access to a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
Affected Product | Fixed Version |
Photo Station 6.4.x | Photo Station 6.4.5 (2025/01/02) and later |
Recommendation
To fix the vulnerability, we recommend updating Photo Station to the latest version.
Updating Photo Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Photo Station" and then press ENTER.
Photo Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Photo Station is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: Searat and izut
Revision History:
V1.0 (August 29, 2025) - Published