2 matches found
CVE-2019-11825
Cross-site scripting XSS vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
CVE-2019-11825
CVE-2019-11825 is a cross-site scripting (XSS) vulnerability in Synology Calendar’s Event Editor, affecting versions before 2.3.0-0615. The underlying issue is insufficient validation of client data in the Web application, enabling remote attackers to inject arbitrary script via the title field. ...