Multiple Cross-Site Scripting Vulnerabilities in Samsung Syncthru Web Service

Samsung Syncthru Web Service is a web-based synchronization service for printers from Samsung South Korea. Multiple cross-site scripting vulnerabilities exist in Samsung Syncthru Web Service version 4.05.61. A remote attacker can exploit the vulnerabilities to inject arbitrary web script or HTML...

CVE-2018-14908

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action...