QNAP Photo Station
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in QNAP Photo Station.
By the Year
In 2026 there have been 0 vulnerabilities in QNAP Photo Station. Last year, in 2025 Photo Station had 1 security vulnerability published. Right now, Photo Station is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 9.80 |
| 2024 | 3 | 7.10 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 9.90 |
| 2021 | 1 | 6.10 |
| 2020 | 3 | 6.10 |
| 2019 | 1 | 0.00 |
| 2018 | 2 | 0.00 |
It may take a day or so for new Photo Station vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent QNAP Photo Station Security Vulnerabilities
CVE-2017-20210: Photo Station XMR Mining Vulnerability in 5.4.1
CVE-2017-20210
9.8 - Critical
- November 11, 2025
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
Information Disclosure
XSS in QNAP Photo Station before 6.4.3 remote attacker code injection
CVE-2024-32770
- November 22, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later
XSS
OS Command Injection in Photo Station <6.4.2 via Authenticated Users
CVE-2023-47562
8.8 - High
- February 02, 2024
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later
Command Injection
Authenticated XSS in Photo Station < 6.4.2
CVE-2023-47561
5.4 - Medium
- February 02, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later
XSS
Externally Controlled Reference RCE in Photo Station (QTS5.0.1)
CVE-2022-27593
10 - Critical
- September 08, 2022
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
Externally Controlled Reference to a Resource in Another Sphere
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station
CVE-2021-44057
9.8 - Critical
- May 05, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later
authentification
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code
CVE-2020-2502
6.1 - Medium
- February 17, 2021
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later
XSS
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station
CVE-2018-19956
6.1 - Medium
- November 02, 2020
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
XSS
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station
CVE-2018-19955
6.1 - Medium
- November 02, 2020
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
XSS
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station
CVE-2018-19954
6.1 - Medium
- November 02, 2020
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
XSS
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could
CVE-2018-0722
- February 01, 2019
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could
CVE-2018-0715
- August 27, 2018
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could
CVE-2017-13073
- April 23, 2018
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for QNAP Photo Station or by QNAP? Click the Watch button to subscribe.
