CVE-2024-32769 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-32769 PUBLISHED CVSS 6.300000190734863 MEDIUM

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later

EPSS 0.12% · 30.3th percentile

Risk Scores

CVSS v3.1

6.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

EPSS Score

0.12%

30.3th percentile

Affected Products

Vendor	Product	Versions
QNAP Systems Inc.	Photo Station	6.4.x
qnap	photo_station	6.4.0

Timeline

Nov 22, 2024 CVE Published
Nov 22, 2024 CVE Updated
Nov 23, 2024 EPSS Score
Dec 11, 2024 EPSS Score
Dec 28, 2024 EPSS Score
Jan 13, 2025 EPSS Score
Jan 30, 2025 EPSS Score
Feb 1, 2025 Coalition ESS Score
Feb 16, 2025 EPSS Score
Mar 5, 2025 EPSS Score
Mar 21, 2025 EPSS Score
Apr 7, 2025 EPSS Score

References

https://www.qnap.com/go/security-advisory/qsa-24-44 advisory
https://www.qnap.com/go/security-advisory/qsa-24-36 advisory
https://www.qnap.com/go/security-advisory/qsa-24-37 advisory
https://www.qnap.com/go/security-advisory/qsa-24-39 advisory
https://www.qnap.com/go/security-advisory/qsa-24-47 advisory
https://www.qnap.com/go/security-advisory/qsa-24-40 advisory
https://www.qnap.com/go/security-advisory/qsa-24-46 advisory
https://www.qnap.com/go/security-advisory/qsa-24-43 advisory
https://www.qnap.com/en/security-advisory/qsa-24-39 url
https://nvd.nist.gov/vuln/detail/CVE-2024-32769 advisory

Open in Interactive Console →