Unauthenticated XSS Vulnerabilities in Samsung Syncthru Web Service
CVE-2018-14904

6.1MEDIUM

Key Information:

Vendor: Samsung
Status: Syncthru Web Service
Vendor: CVE Published:; 3 August 2018

What is CVE-2018-14904?

The Samsung Syncthru Web Service version 4.05.61 is susceptible to multiple unauthenticated Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities occur on several parameters, notably impacting the system's ability to securely process user inputs. An attacker could exploit these weaknesses to inject malicious scripts, which could compromise user sessions and data within the application, potentially leading to unauthorized access or data manipulation.

References

https://medium.com/stolabs/security-issues-on-samsung-syn...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2018
Vulnerability Reserved
Aug 3, 2018