Lucene search
K
SynologyNote Station

5 matches found

CVE
CVE
added 2017/06/30 1:0 p.m.1865 views

CVE-2015-9103

Synology Note Station 1.1-0212 and earlier are affected by cross-site scripting (XSS) via (1) note title or (2) attachment file name. Remote authenticated attackers can inject script; impact is browser-execution of arbitrary HTML/code. A patch exists: update to Note Station 1.1-0214 or later per ...

5.4CVSS5.1AI score0.0082EPSS
CVE
CVE
added 2022/08/03 2:25 a.m.176 views

CVE-2022-27619

CVE-2022-27619 affects Synology Note Station Client prior to 2.2.2-609. The issue is a cleartext transmission of sensitive information in authentication management, enabling man-in-the-middle attackers to obtain sensitive data via unspecified vectors. The connected PT Security entry confirms vers...

6.8CVSS5.4AI score0.00316EPSS
CVE
CVE
added 2019/06/30 3:5 p.m.64 views

CVE-2019-11827

The vulnerability CVE-2019-11827 is a cross-site scripting flaw in Synology Note Station (SYNO.NoteStation.Shard) prior to version 2.5.3-0863. The issue arises from insufficient validation of the object_id parameter, enabling an attacker to inject arbitrary web script or HTML. Affected software: ...

6.5CVSS5.4AI score0.00803EPSS
CVE
CVE
added 2018/05/09 1:0 p.m.48 views

CVE-2018-8911

Synology Note Station’s Attachment Preview is affected by CVE-2018-8911. The vulnerability is an XSS in Attachment Preview prior to version 2.5.1-0844 that allows remote authenticated users to inject arbitrary web script or HTML via a malicious attachment. Public sources (CNVD/NVD entries) descri...

6.5CVSS5.1AI score0.01029EPSS
CVE
CVE
added 2018/05/09 1:0 p.m.46 views

CVE-2018-8912

Synology Note Station (Note Station) contains an XSS in SYNO.NoteStation.Note that affects versions prior to 2.5.1-0844. An authenticated remote attacker can inject arbitrary script/HTML via the commit_msg parameter. Impact is XSS with partial integrity exposures and low confidentiality concerns;...

6.5CVSS5AI score0.01029EPSS