CVE-2017-15892

2017-12-28T15:29:00
ID CVE-2017-15892
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:24:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.