Vulnerabilities > CVE-2022-22682 - Unspecified vulnerability in Synology Calendar

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

synology

NVD

Published: 2022-07-12

Updated: 2024-11-21

Summary

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Calendar 1.0.0-0121 Synology Calendar 1.0.2-0131 Synology Calendar 1.0.3-0132 Synology Calendar 1.1.0-0146 Synology Calendar 2.0.0-0241 Synology Calendar 2.0.1-0242 Synology Calendar 2.1.0-0425 Synology Calendar 2.1.1-0502 Synology Calendar 2.1.2-0511 Synology Calendar 2.2.1-0518 Synology Calendar 2.2.2-0532 Synology Calendar 2.2.3-0534 Synology Calendar 2.3.0-0615 Synology Calendar 2.3.1-0617 Synology Calendar 2.3.2-0619 Synology Calendar 2.3.3-0620	16

Summary

Vulnerable Configurations

References