7 matches found
Synology DiskStation Manager Cross-site Scripting (CVE-2018-8917)
Cross-site scripting XSS vulnerability in info.cgi in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...
Synology DiskStation Manager Information Disclosure Vulnerability (CNVD-2019-03278)
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology. The operating system manages information such as data, files, photos, music, and more. An information disclosure vulnerability exists in SYNO.Core.Desktop.SessionData in Synology DSM...
CVE-2018-8917
Cross-site scripting XSS vulnerability in info.cgi in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2018-8920
CVE-2018-8920 affects Synology DiskStation Manager (DSM) prior to 6.1.6-15266, via the Log Exporter. The root cause is improper neutralization of escape characters when exporting an archive in CSV format, enabling remote attackers to inject arbitrary content with an unspecified impact. The vulner...
PT-2018-18718 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.6-15266 Description: The issue is related to improper neutralization of escape in the Log Exporter component, allowing remote attackers to inject arbitrary content when exporting an archi...
PT-2018-18717 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.6-15266 Description: The issue allows remote attackers to steal credentials. Recommendations: For versions prior to 6.1.6-15266, update to version 6.1.6-15266 or later to resolve the issu...
PT-2018-18715 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.6-15266 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the host parameter in the info.cgi...