← Volver a CVEs
CVE-2024-32767
MEDIUM6.3
Descripcion
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later
Detalles CVE
Puntuacion CVSS v3.16.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado11/22/2024
Ultima modificacion9/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
qnap:photo_station
Debilidades (CWE)
CWE-79
Referencias
https://www.qnap.com/en/security-advisory/qsa-24-39(security@qnapsecurity.com.tw)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.