Vulnerabilities > Synology > Carddav Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-8928 | Cross-site Scripting vulnerability in Synology Carddav Server Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | 3.5 |
| 2017-11-07 | CVE-2017-15887 | Improper Restriction of Excessive Authentication Attempts vulnerability in Synology Carddav Server An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | 5.0 |