Vulnerabilities > Samsung > Syncthru WEB Service > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-7421 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
network
samsung CWE-79
4.3
2019-03-21 CVE-2019-7420 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
network
samsung CWE-79
4.3
2019-03-21 CVE-2019-7419 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
network
samsung CWE-79
4.3
2019-03-21 CVE-2019-7418 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
network
samsung CWE-79
4.3
2018-08-03 CVE-2018-14908 Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
network
samsung CWE-352
6.8
2018-08-03 CVE-2018-14904 Cross-site Scripting vulnerability in Samsung Syncthru web Service 4.05.61
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
network
samsung CWE-79
4.3