Cross-Site Scripting Vulnerability in Synology Note Station
CVE-2015-9103

5.4MEDIUM

Key Information:

Vendor
Synology
Status
Note Station
Vendor
CVE Published:
30 June 2017

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in Synology Note Station versions 1.1-0212 and earlier. These vulnerabilities enable remote authenticated attackers to inject arbitrary web scripts or HTML into the application's interface. This is achieved through the manipulation of the note title or the file names of attached documents, potentially leading to unauthorized actions or data exposure. It is critical to update to the latest version to mitigate these risks.

Affected Version(s)

Note Station 1.0

Note Station 1.1

References

http://www.fortiguard.com/zeroday/FG-VD-15-110
x_refsource_MISC
http://www.fortiguard.com/zeroday/FG-VD-15-111
x_refsource_MISC
https://www.synology.com/en-global/support/security/Note_...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.