Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-9102

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.

Published

2017-06-30T13:29:00.177

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	synology	photo_station	≤ 6.3-2960	Yes

References

http://www.fortiguard.com/zeroday/FG-VD-15-103 Third Party Advisory ([email protected])
http://www.fortiguard.com/zeroday/FG-VD-15-104 Third Party Advisory ([email protected])
http://www.fortiguard.com/zeroday/FG-VD-15-109 Third Party Advisory ([email protected])
http://www.fortiguard.com/zeroday/FG-VD-15-112 Third Party Advisory ([email protected])
https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962 Vendor Advisory ([email protected])
http://www.fortiguard.com/zeroday/FG-VD-15-103 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.fortiguard.com/zeroday/FG-VD-15-104 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.fortiguard.com/zeroday/FG-VD-15-109 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.fortiguard.com/zeroday/FG-VD-15-112 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)