Vulnerabilities > Synology > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-12072 | Cross-site Scripting vulnerability in Synology Photo Station Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | 3.5 |
| 2017-12-15 | CVE-2017-15890 | Cross-site Scripting vulnerability in Synology Mailplus Server Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | 3.5 |
| 2017-10-30 | CVE-2017-15888 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | 3.5 |
| 2017-08-24 | CVE-2017-9555 | Cross-site Scripting vulnerability in Synology Photo Station Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | 3.5 |
| 2017-08-11 | CVE-2017-9556 | Cross-site Scripting vulnerability in Synology Video Station Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | 3.5 |
| 2017-06-30 | CVE-2015-9102 | Cross-site Scripting vulnerability in Synology Photo Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | 3.5 |
| 2017-06-30 | CVE-2015-9103 | Cross-site Scripting vulnerability in Synology Note Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | 3.5 |
| 2017-06-30 | CVE-2015-9104 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | 3.5 |
| 2017-06-30 | CVE-2015-9105 | Cross-site Scripting vulnerability in Synology Video Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | 3.5 |
| 2017-06-13 | CVE-2017-9552 | Improper Authentication vulnerability in Synology Photo Station A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. | 2.1 |