CVE-2015-9102

EPSS 0.9%CWE-79

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 jun 2017Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.

Produtos afetados

Synology · Photo Station

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962 http://www.fortiguard.com/zeroday/FG-VD-15-103 http://www.fortiguard.com/zeroday/FG-VD-15-104 http://www.fortiguard.com/zeroday/FG-VD-15-109 http://www.fortiguard.com/zeroday/FG-VD-15-112