CVE-2024-32770

Published: Nov 22, 2024Modified: Sep 20, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later

Affected (1)

Products: Qnap: Photo Station

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qnap Photo Station	From 6.4.0 to 6.4.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://www.qnap.com/en/security-advisory/qsa-24-39

Source: security@qnapsecurity.com.tw

Vendor Advisory

Timeline

No history available yet.