Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Photo Station | <= 6.3-2960 |
Related Weaknesses (CWE)
References
- http://www.fortiguard.com/zeroday/FG-VD-15-103Third Party Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-104Third Party Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-109Third Party Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-112Third Party Advisory
- https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962Vendor Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-103Third Party Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-104Third Party Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-109Third Party Advisory
- http://www.fortiguard.com/zeroday/FG-VD-15-112Third Party Advisory
- https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962Vendor Advisory
FAQ
What is CVE-2015-9102?
CVE-2015-9102 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML vi...
How severe is CVE-2015-9102?
CVE-2015-9102 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-9102?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Photo Station.