Vulnerabilities > Synology > Chat > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-28 CVE-2017-15892 Cross-site Scripting vulnerability in Synology Chat
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.
network
low complexity
synology CWE-79
5.4
5.4
2017-12-28 CVE-2017-15886 Server-Side Request Forgery (SSRF) vulnerability in Synology Chat
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
network
low complexity
synology CWE-918
6.5
6.5
2017-08-11 CVE-2017-11148 Server-Side Request Forgery (SSRF) vulnerability in Synology Chat
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
network
low complexity
synology CWE-918
6.5
6.5