安全ID : QSA-21-06
Cross-site Scripting Vulnerability in Photo Station
发布日期 : February 17, 2021
通用漏洞披露 : CVE-2020-2502
受影响产品: QNAP NAS running Photo Station
严重程度
Moderate
状态
已解决
Summary
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed the issue in Photo Station 6.0.11 and later.
Recommendation
To fix the vulnerability, we recommend updating Photo Station to the latest version.
Updating Photo Station
- Log on to QTS as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Photo Station” and then press ENTER.
Photo Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your version is already up to date. - Click OK.
The application is updated.
致谢: Paolo
修订历史: V1.0 (Feb 17, 2021) - Published
