CVE-2020-2502

Summary

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.Photo Stationunspecified < 6.0.11affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)
  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

References