Vulnerabilities > Synology > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-30 CVE-2015-9103 Cross-site Scripting vulnerability in Synology Note Station
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
network
low complexity
synology CWE-79
5.4
5.4
2017-06-30 CVE-2015-9102 Cross-site Scripting vulnerability in Synology Photo Station
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
network
low complexity
synology CWE-79
5.4
5.4