Security ID : QSA-24-08
Multiple Vulnerabilities in Photo Station
Release date : February 3, 2024
CVE identifier : CVE-2023-47561 | CVE-2023-47562
Affected products: Photo Station 6.4.x
Severity
Moderate
Status
Resolved
Summary
Two vulnerabilities have been reported to affect Photo Station:
- CVE-2023-47561: If exploited, the cross-site scripting (XSS) vulnerability could allow remote attackers who have gained user access to inject malicious code.
- CVE-2023-47562: If exploited, the OS command injection vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
|---|---|
| Photo Station 6.4.x | Photo Station 6.4.2 (2023/12/15) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Photo Station to the latest version.
Updating Photo Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click the search icon.
  A search box appears.
- Type "Photo Station" and then press ENTER.
  Photo Station appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your Photo Station is already up to date.
- Click OK.
  The application is updated.
Acknowledgements: lebr0nli (Alan Li), working with DEVCORE Internship Program
Revision History:
V1.0 (February 3, 2024) - Published