CVE-2024-32769 — Vulnetix

CVE-2024-32769 PUBLISHED CVSS 6.300000190734863 MEDIUM

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later

EPSS 0.16% · 36.4th percentile

Risk Scores

CVSS 3.1

6.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

EPSS Score

0.16%

36.4th percentile

Affected Products

Vendor	Product	Versions
QNAP Systems Inc.	Photo Station	6.4.x
qnap	photo_station	6.4.0

Exploit Intelligence

https://www.qnap.com/en/security-advisory/qsa-24-39 (circl)

Timeline

Nov 22, 2024 CVE Published
Nov 22, 2024 CVE Updated
Nov 23, 2024 EPSS Score
Dec 11, 2024 EPSS Score
Dec 29, 2024 EPSS Score
Jan 15, 2025 EPSS Score
Feb 1, 2025 EPSS Score
Feb 1, 2025 Coalition ESS Score
Feb 19, 2025 EPSS Score
Mar 8, 2025 EPSS Score
Mar 25, 2025 EPSS Score
Apr 11, 2025 EPSS Score

References

https://www.qnap.com/go/security-advisory/qsa-24-44 advisory
https://www.qnap.com/go/security-advisory/qsa-24-36 advisory
https://www.qnap.com/go/security-advisory/qsa-24-37 advisory
https://www.qnap.com/go/security-advisory/qsa-24-39 advisory
https://www.qnap.com/go/security-advisory/qsa-24-47 advisory
https://www.qnap.com/go/security-advisory/qsa-24-40 advisory
https://www.qnap.com/go/security-advisory/qsa-24-46 advisory
https://www.qnap.com/go/security-advisory/qsa-24-43 advisory
https://www.qnap.com/en/security-advisory/qsa-24-39 url
https://nvd.nist.gov/vuln/detail/CVE-2024-32769 advisory

Open in Interactive Console →