Headline
CVE-2023-34977: Vulnerabilities in Video Station - Security Advisory
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
Security ID : QSA-23-52
Release date : October 14, 2023
CVE identifier : CVE-2023-34975 | CVE-2023-34976 | CVE-2023-34977
Affected products: Video Station 5.7.x
Summary
Three vulnerabilities have been reported to affect Video Station:
- CVE-2023-34975 and CVE-2023-34976: SQL injection vulnerabilities
- CVE-2023-34977: Cross-site scripting (XSS) vulnerability
If exploited, these vulnerabilities could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Affected Product
Fixed Version
Video Station 5.7.x
Video Station 5.7.0 (2023/07/27) and later
Recommendation
To fix the vulnerability, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click .
A search box appears. - Type “Video Station” and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The application is updated.
Attachment
- CVE-2023-34975.json
- CVE-2023-34976.json
- CVE-2023-34977.json
Acknowledgements: Kaibro
Revision History:
V1.0 (October 14, 2023) - Published