安全ID : NAS-201804-23
Security Advisory for XSS Vulnerabiltiy in Photo Station
发布日期 : April 23, 2018
通用漏洞披露 : CVE-2017-13073
受影响产品: Photo Station versions 5.4.3 and earlier for QTS 4.3.x
Photo Station versions 5.2.7 and earlier for QTS 4.2.x
严重程度
Moderate
状态
已解决
Summary
A cross-site scripting vulnerability has been reported to affect Photo Station versions 5.2.7, 5.4.3, and their earlier versions.
If successfully exploited, the vulnerability may allow remote attackers to inject malicious code in the application.
We have already fixed these issues in the following Photo Station versions.
- QTS 4.3.x: Photo Station 5.4.4 and later
- QTS 4.2.x: Photo Station 5.2.8 and later
Recommendation
To fix these vulnerabilities, you must update Photo Station to the following versions.
- QTS 4.3.x: Photo Station 5.4.4 or later
- QTS 4.2.x: Photo Station 5.2.8 or later
Upgrading to Photo Station 5.2.8 or 5.4.4
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears. - Type “Photo Station”, and then press ENTER.
The Photo Station application appears in the search results list. - Click Update.
A confirmation message appears. - Click OK.
The application is updated.
致谢: Harry Sintonen / F-Secure Corporation
修订历史: V1.0 (April 23, 2018) - Published
