CVE-2017-20210 — CVSS 9.8 (critical): Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal…
CVE-2021-34354 — CVSS 7.6 (high): A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability…
CVE-2021-34356 — CVSS 7.6 (high): A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability…
CVE-2021-34355 — CVSS 7.6 (high): A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability…
CVE-2018-0722 — CVSS 7.5 (high): Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier…
CVE-2023-47562 — CVSS 7.4 (high): An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated…
CVE-2021-44057 — CVSS 7.1 (high): An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability…
CVE-2024-32770 — CVSS 6.3 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote…
CVE-2024-32767 — CVSS 6.3 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote…
CVE-2024-32768 — CVSS 6.3 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote…
CVE-2024-32769 — CVSS 6.3 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote…
CVE-2018-19956 — CVSS 6.1 (medium): The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could…
CVE-2018-19954 — CVSS 6.1 (medium): The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could…
CVE-2018-0715 — CVSS 6.1 (medium): Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code…
CVE-2017-13073 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could…
CVE-2020-2502 — CVSS 6.1 (medium): This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this…
CVE-2020-2491 — CVSS 6.1 (medium): This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this…
CVE-2018-19955 — CVSS 6.1 (medium): The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could…
CVE-2023-47221 — CVSS 5.5 (medium): A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated…
CVE-2023-47561 — CVSS 5.5 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow…
CVE-2024-12923 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can…
CVE-2013-5760 — CVSS 5.0 (medium): QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.