SECURITYVULNS:DOC:32151
Jun 01, 2015

Synology Photo Station multiple Cross-Site Scripting vulnerabilities

Han Sahin, May 2015


Abstract

Multiple reflected Cross-Site Scripting vulnerabilities were found in
Synology Photo Station. These issues allow attackers to perform a wide
variety of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf,
and performing arbitrary redirects to potentially malicious websites.


Tested version

This issue was tested on Synology Photo Station version 6.2-2858.


Fix

Synology reports that this issue has been resolved in Photo Station
version 6.3-2945.
https://www.synology.com/en-us/releaseNote/PhotoStation


Details

https://www.securify.nl/advisory/SFY20150504/synology_photo_station_multiple_cross_site_scripting_vulnerabilities.html