5 matches found
CVE-2015-9103
Synology Note Station 1.1-0212 and earlier are affected by cross-site scripting (XSS) via (1) note title or (2) attachment file name. Remote authenticated attackers can inject script; impact is browser-execution of arbitrary HTML/code. A patch exists: update to Note Station 1.1-0214 or later per ...
CVE-2022-27619
CVE-2022-27619 affects Synology Note Station Client prior to 2.2.2-609. The issue is a cleartext transmission of sensitive information in authentication management, enabling man-in-the-middle attackers to obtain sensitive data via unspecified vectors. The connected PT Security entry confirms vers...
CVE-2019-11827
The vulnerability CVE-2019-11827 is a cross-site scripting flaw in Synology Note Station (SYNO.NoteStation.Shard) prior to version 2.5.3-0863. The issue arises from insufficient validation of the object_id parameter, enabling an attacker to inject arbitrary web script or HTML. Affected software: ...
CVE-2018-8911
Synology Note Station’s Attachment Preview is affected by CVE-2018-8911. The vulnerability is an XSS in Attachment Preview prior to version 2.5.1-0844 that allows remote authenticated users to inject arbitrary web script or HTML via a malicious attachment. Public sources (CNVD/NVD entries) descri...
CVE-2018-8912
Synology Note Station (Note Station) contains an XSS in SYNO.NoteStation.Note that affects versions prior to 2.5.1-0844. An authenticated remote attacker can inject arbitrary script/HTML via the commit_msg parameter. Impact is XSS with partial integrity exposures and low confidentiality concerns;...