Vulnerabilities > Synology > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-14 CVE-2018-8927 Incorrect Authorization vulnerability in Synology Calendar
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
network
low complexity
synology CWE-863
6.5
2018-06-05 CVE-2018-8924 Cross-site Scripting vulnerability in Synology Office
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
network
low complexity
synology CWE-79
5.4
2018-06-05 CVE-2018-8923 Cross-site Scripting vulnerability in Synology File Station
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
network
low complexity
synology CWE-79
5.4
2018-06-01 CVE-2018-8922 Unspecified vulnerability in Synology Drive Server 1.0.210275
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
network
low complexity
synology
6.5
2018-06-01 CVE-2018-8921 Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
network
low complexity
synology CWE-79
5.4
2018-05-10 CVE-2018-8915 Cross-site Scripting vulnerability in Synology Calendar
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
network
low complexity
synology CWE-79
5.4
2018-05-10 CVE-2018-8910 Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
network
low complexity
synology CWE-79
5.4
2018-05-09 CVE-2018-8912 Cross-site Scripting vulnerability in Synology Note Station
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
network
low complexity
synology CWE-79
5.4
2018-05-09 CVE-2018-8911 Cross-site Scripting vulnerability in Synology Note Station
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
network
low complexity
synology CWE-79
5.4
2018-03-22 CVE-2017-16771 Cross-site Scripting vulnerability in Synology Photo Station
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
network
low complexity
synology CWE-79
6.1