Lucene search

PRIOn knowledge basePRION:CVE-2010-2453

HistorySep 29, 2010 - 5:00 p.m.

Cross site scripting

2010-09-2917:00:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

47.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a “web commands injection” issue.

CPENameOperatorVersion
dsmeq2.2.942
dsmeq2.2.1041
dsmeq2.2.1042
dsmeq2.2.1045
dsmeq2.3.1139
dsmeq2.3.1141
dsmeq2.3.1144
dsmeq2.3.1157
dsmeq2.3.1161
dsmeq3.0.1334

Name	Operator	Version
dsm	eq	2.2.942
dsm	eq	2.2.1041
dsm	eq	2.2.1042
dsm	eq	2.2.1045
dsm	eq	2.3.1139
dsm	eq	2.3.1141
dsm	eq	2.3.1144
dsm	eq	2.3.1157
dsm	eq	2.3.1161
dsm	eq	3.0.1334

References

www.securityfocus.com/archive/1/513970/100/0/threaded

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for PRION:CVE-2010-2453