Vulnerabilities > Synology > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-8928 | Cross-site Scripting vulnerability in Synology Carddav Server Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | 3.5 |
| 2018-06-05 | CVE-2018-8923 | Cross-site Scripting vulnerability in Synology File Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 3.5 |
| 2018-06-05 | CVE-2018-8924 | Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 3.5 |
| 2018-05-10 | CVE-2018-8915 | Cross-site Scripting vulnerability in Synology Calendar Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | 3.5 |
| 2018-05-09 | CVE-2018-8911 | Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 3.5 |
| 2018-05-09 | CVE-2018-8912 | Cross-site Scripting vulnerability in Synology Note Station Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. | 3.5 |
| 2018-03-06 | CVE-2018-7170 | Unspecified vulnerability in NTP ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. | 3.5 |
| 2018-02-27 | CVE-2017-16767 | Cross-site Scripting vulnerability in Synology Surveillance Station Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | 3.5 |
| 2017-12-28 | CVE-2017-15892 | Cross-site Scripting vulnerability in Synology Chat Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | 3.5 |
| 2017-12-27 | CVE-2017-16768 | Cross-site Scripting vulnerability in Synology Mailplus Server Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | 3.5 |