Vulnerabilities > Synology > Mailplus Server

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2018-13296 Resource Exhaustion vulnerability in Synology Mailplus Server
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
network
low complexity
synology CWE-400
7.5
7.5
2017-12-27 CVE-2017-16768 Cross-site Scripting vulnerability in Synology Mailplus Server
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
network
low complexity
synology CWE-79
4.8
4.8
2017-12-15 CVE-2017-15890 Cross-site Scripting vulnerability in Synology Mailplus Server
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
network
low complexity
synology CWE-79
4.8
4.8