Vulnerabilities > Synology > Office
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-30 | CVE-2019-11828 | Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-06-05 | CVE-2018-8924 | Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 5.4 |
| 2017-08-14 | CVE-2017-11150 | OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506 Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | 7.8 |