Cross-Site Scripting Vulnerability in Synology Download Station
CVE-2015-6909

Currently unrated

Key Information:

Vendor

Synology
Status
Download Station
Vendor
CVE Published:
11 September 2015

What is CVE-2015-6909?

The Synology Download Station prior to version 3.5-2962 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw is found in the 'Create download task via file upload' feature, permitting remote attackers to insert arbitrary web scripts or HTML code through the name element within the Info dictionary of a torrent file. Successful exploitation could lead to session hijacking, data theft, or manipulation of the user interface.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/536428/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/133520/Synology-Down...
x_refsource_MISC
https://www.synology.com/en-global/releaseNote/DownloadSt...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.