Vulnerabilities > Synology > Audio Station > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-30 | CVE-2017-15888 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | 5.4 |
| 2017-06-30 | CVE-2015-9104 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | 5.4 |