Security ID : QSA-20-15
Cross-site Scripting Vulnerability in Photo Station
Release date : December 7, 2020
CVE identifier : CVE-2020-2491
Affected products: QNAP NAS running Photo Station
Severity : Important
Status : Resolved
Summary
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of Photo Station.
- QTS 4.5.1: Photo Station 6.0.12 and later
- QTS 4.4.3: Photo Station 6.0.12 and later
- QTS 4.3.6: Photo Station 5.7.12 and later
- QTS 4.3.4: Photo Station 5.7.13 and later
- QTS 4.3.3: Photo Station 5.4.10 and later
- QTS 4.2.6: Photo Station 5.2.11 and later
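To find which hosts in an inventory are still below the fixed versions listed above, the following added example (not QNAP code) compares versions numerically per QTS branch. The host names, build numbers and the `INVENTORY` layout are constructed for illustration; only the fixed versions come from this advisory.

```python
import re

# Fixed Photo Station version per QTS branch, copied from the QSA-20-15 list.
FIXED = {
    (4, 5, 1): (6, 0, 12),
    (4, 4, 3): (6, 0, 12),
    (4, 3, 6): (5, 7, 12),
    (4, 3, 4): (5, 7, 13),
    (4, 3, 3): (5, 4, 10),
    (4, 2, 6): (5, 2, 11),
}

def parse_version(text, parts=3):
    """Return the first `parts` numeric components of a dotted version string."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    nums = m.group(1).split(".") if m else []
    if len(nums) < parts:
        raise ValueError(f"cannot parse version: {text!r}")
    return tuple(int(n) for n in nums[:parts])

def check(qts, photo_station):
    """Classify one host as 'patched', 'needs_update' or 'unlisted'."""
    fixed = FIXED.get(parse_version(qts))
    if fixed is None:
        # The advisory names no fixed version for this QTS branch.
        return "unlisted"
    # Tuple comparison is numeric, so 5.7.9 sorts below 5.7.12
    # (a plain string comparison would get this wrong).
    return "patched" if parse_version(photo_station) >= fixed else "needs_update"

def audit(inventory):
    """Map each host name to its status."""
    return {host: check(qts, ps) for host, qts, ps in inventory}

# Constructed sample inventory: (host, QTS version, Photo Station version).
INVENTORY = [
    ("nas-01", "4.5.1.1495", "6.0.12"),
    ("nas-02", "4.3.6.1446", "5.7.9"),
    ("nas-03", "4.3.4.1463", "5.7.12"),  # 4.3.4 requires 5.7.13, not 5.7.12
    ("nas-04", "4.1.4", "5.2.11"),       # branch not covered by the advisory
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` run a QTS branch for which the advisory gives no fixed version and need manual review.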
Recommendation
To fix the issue, we recommend updating Photo Station to the latest version.
Updating Photo Station
- Log on to QTS as administrator.
- Open the App Center and then click the search icon.
  A search box appears.
- Type “Photo Station” and then press ENTER.
  Photo Station appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your Photo Station is already up to date.
- Click OK.
  The application is updated.
Acknowledgements: Jan Hoff
Revision History: V1.0 (December 7, 2020) - Published