{ "CVE_data_meta": { "ASSIGNER": "security@qnap.com", "DATE_PUBLIC": "2021-02-17T00:29:00.000Z", "ID": "CVE-2020-2502", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting Vulnerability in Photo Station" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Photo Station", "version": { "version_data": [ { "version_affected": "<", "version_value": "6.0.11" } ] } } ] }, "vendor_name": "QNAP Systems Inc." } ] } }, "credit": [ { "lang": "eng", "value": "Paolo" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://www.qnap.com/en/security-advisory/qsa-21-06", "name": "https://www.qnap.com/en/security-advisory/qsa-21-06" } ] }, "solution": [ { "lang": "eng", "value": "QNAP We have already fixed this vulnerability in the following versions of Photo Station.\n\nPhoto Station 6.0.11 and later" } ], "source": { "advisory": "QSA-21-06", "discovery": "EXTERNAL" } }