安全ID : QSA-23-52
Vulnerabilities in Video Station
发布日期 : October 14, 2023
通用漏洞披露 : CVE-2023-34975 | CVE-2023-34976 | CVE-2023-34977
受影响产品: Video Station 5.7.x
严重程度
Important
状态
已解决
Summary
Three vulnerabilities have been reported to affect Video Station:
- CVE-2023-34975 and CVE-2023-34976: SQL injection vulnerabilities
- CVE-2023-34977: Cross-site scripting (XSS) vulnerability
If exploited, these vulnerabilities could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| Video Station 5.7.x | Video Station 5.7.0 (2023/07/27) and later |
Recommendation
To fix the vulnerability, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type "Video Station" and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The application is updated.
附件
致谢: Kaibro
修订历史:
V1.0 (October 14, 2023) - Published
