Details of VAR-201706-0042

ID

VAR-201706-0042

CVE

CVE-2015-9102

TITLE

Synology Photo Station Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-007627

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company

Trust: 1.8

sources: NVD: CVE-2015-9102 // JVNDB: JVNDB-2015-007627 // VULHUB: VHN-87063 // VULMON: CVE-2015-9102

AFFECTED PRODUCTS

vendor:	synology	model:	photo station	scope:	lte	version:	6.3-2960	Trust: 1.0
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2962	Trust: 0.8
vendor:	synology	model:	photo station	scope:	eq	version:	6.0-2638	Trust: 0.8
vendor:	synology	model:	photo station	scope:	lt	version:	6.3	Trust: 0.8
vendor:	synology	model:	photo station	scope:	lt	version:	6.0	Trust: 0.8
vendor:	synology	model:	photo station	scope:	eq	version:	6.3-2960	Trust: 0.6

sources: JVNDB: JVNDB-2015-007627 // CNNVD: CNNVD-201706-1197 // NVD: CVE-2015-9102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-9102
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-9102
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201706-1197
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-87063
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-9102
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-9102
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-87063
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-9102
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-87063 // VULMON: CVE-2015-9102 // JVNDB: JVNDB-2015-007627 // CNNVD: CNNVD-201706-1197 // NVD: CVE-2015-9102

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-87063 // JVNDB: JVNDB-2015-007627 // NVD: CVE-2015-9102

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1197

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1197

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007627

PATCH

title:	Photo Station 6.3-2962	url:	https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962	Trust: 0.8
title:	Synology Photo Station Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71231	Trust: 0.6

sources: JVNDB: JVNDB-2015-007627 // CNNVD: CNNVD-201706-1197

EXTERNAL IDS

db:	NVD	id:	CVE-2015-9102	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-007627	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-1197	Trust: 0.7
db:	VULHUB	id:	VHN-87063	Trust: 0.1
db:	VULMON	id:	CVE-2015-9102	Trust: 0.1

sources: VULHUB: VHN-87063 // VULMON: CVE-2015-9102 // JVNDB: JVNDB-2015-007627 // CNNVD: CNNVD-201706-1197 // NVD: CVE-2015-9102

REFERENCES

url:	http://www.fortiguard.com/zeroday/fg-vd-15-103	Trust: 2.6
url:	http://www.fortiguard.com/zeroday/fg-vd-15-104	Trust: 2.6
url:	http://www.fortiguard.com/zeroday/fg-vd-15-109	Trust: 2.6
url:	http://www.fortiguard.com/zeroday/fg-vd-15-112	Trust: 2.6
url:	https://www.synology.com/en-global/support/security/photo_station_6_3_2962	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9102	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9102	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-87063 // VULMON: CVE-2015-9102 // JVNDB: JVNDB-2015-007627 // CNNVD: CNNVD-201706-1197 // NVD: CVE-2015-9102

SOURCES

db:	VULHUB	id:	VHN-87063
db:	VULMON	id:	CVE-2015-9102
db:	JVNDB	id:	JVNDB-2015-007627
db:	CNNVD	id:	CNNVD-201706-1197
db:	NVD	id:	CVE-2015-9102

LAST UPDATE DATE

2025-04-20T23:34:21.890000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-87063	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2015-9102	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-007627	date:	2017-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201706-1197	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2015-9102	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-87063	date:	2017-06-30T00:00:00
db:	VULMON	id:	CVE-2015-9102	date:	2017-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-007627	date:	2017-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201706-1197	date:	2017-06-30T00:00:00
db:	NVD	id:	CVE-2015-9102	date:	2017-06-30T13:29:00.177