Security ID : NAS-201808-23
Security Advisory for XSS Vulnerability in Photo Station
Release date : August 23, 2018
CVE identifier : CVE-2018-0715
Affected products: Photo Station versions 5.7.0 and earlier
Severity
Medium
Status
Resolved
Summary
A cross-site scripting vulnerability has been reported to affect Photo Station versions 5.7.0 and earlier.
If successfully exploited, the vulnerability could allow remote attackers to inject Javascript code in the compromised application.
We have already fixed these issues in Photo Station version 5.7.1 and later.
Recommendation
To resolve the issue, you must update your Photo Station to the latest version.
Upgrading to Photo Station
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears. - Type “Photo Station”, and then press ENTER.
The Photo Station application appears in the search results list. - Click Update.
A confirmation message appears. - Click OK.
The application is updated.
Acknowledgements: Mitsuaki “Mitch” Shiraishi of Secureworks Japan
Revision History: V1.0 (August 23, 2018) - Published