Security ID : NAS-201804-23
Security Advisory for XSS Vulnerabiltiy in Photo Station
Release date : April 23, 2018
CVE identifier : CVE-2017-13073
Affected products: Photo Station versions 5.4.3 and earlier for QTS 4.3.x
Photo Station versions 5.2.7 and earlier for QTS 4.2.x
Severity
Moderate
Status
Resolved
Summary
A cross-site scripting vulnerability has been reported to affect Photo Station versions 5.2.7, 5.4.3, and their earlier versions.
If successfully exploited, the vulnerability may allow remote attackers to inject malicious code in the application.
We have already fixed these issues in the following Photo Station versions.
- QTS 4.3.x: Photo Station 5.4.4 and later
- QTS 4.2.x: Photo Station 5.2.8 and later
Recommendation
To fix these vulnerabilities, you must update Photo Station to the following versions.
- QTS 4.3.x: Photo Station 5.4.4 or later
- QTS 4.2.x: Photo Station 5.2.8 or later
Upgrading to Photo Station 5.2.8 or 5.4.4
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears. - Type “Photo Station”, and then press ENTER.
The Photo Station application appears in the search results list. - Click Update.
A confirmation message appears. - Click OK.
The application is updated.
Acknowledgements: Harry Sintonen / F-Secure Corporation
Revision History: V1.0 (April 23, 2018) - Published
