CVE-2018-19956

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code.
This issue affects:
QNAP Systems Inc. Photo Station
versions prior to 5.7.11;
versions prior to 6.0.10.

Source: CVE-2018-19956