Vulnerabilities > Synology > Calendar > 2.3.3.0620
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-22682 | Cross-site Scripting vulnerability in Synology Calendar Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2021-06-18 | CVE-2021-34812 | Use of Hard-coded Credentials vulnerability in Synology Calendar Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |