Lucene search

Mailplus Server Security Vulnerabilities

cve

CVE-2017-15890

Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.

4.8CVSS

4.7AI Score

0.001EPSS

2017-12-15 03:29 PM

cve

CVE-2017-16768

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.

4.8CVSS

4.7AI Score

0.001EPSS

2017-12-27 05:29 PM

cve

CVE-2018-13296

Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.

7.5CVSS

7.5AI Score

0.001EPSS

2019-04-01 03:29 PM