Cross-Site Scripting Vulnerability in Synology Video Station
CVE-2017-9556

5.4MEDIUM

Key Information:

Vendor: Synology
Status: Synology Video Station
Vendor: CVE Published:; 11 August 2017

Summary

The vulnerability in Synology Video Station allows remote authenticated attackers to exploit the application through arbitrary web scripts or HTML injection. This is executed via manipulating the title parameter, which poses significant risks to the integrity of user data and the security of the application. Users are advised to update to version 2.3.0-1435 or later to mitigate this security risk.

Affected Version(s)

Synology Video Station before 2.3.0-1435

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 11, 2017
Vulnerability Reserved
Jun 12, 2017