Cross site scripting

2017-06-3013:29:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.

CPENameOperatorVersion
note_stationeq<= 1.1-212

CPE	Name	Operator	Version
	note_station	eq	<= 1.1-212

References

www.fortiguard.com/zeroday/FG-VD-15-110

www.fortiguard.com/zeroday/FG-VD-15-111

www.synology.com/en-global/support/security/Note_Station_1_1_0214