2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted 1 USER or 2 PASS command, which is written by the FTP logging module to a...
CVE-2010-2453
CVE-2010-2453 describes multiple cross-site scripting (XSS) vulnerabilities in Synology DiskStation 2.x, prior to DSM3.0-1337. The issue arises when an attacker uses the FTP server to trigger the FTP logging module to write crafted USER or PASS entries into a web-interface log window, enabling ar...