Unauthenticated XSS Vulnerabilities in Samsung Syncthru Web Service
CVE-2018-14904

6.1MEDIUM

Key Information:

Vendor: Samsung
Status: Syncthru Web Service
Vendor: CVE Published:; 3 August 2018

Summary

The Samsung Syncthru Web Service version 4.05.61 is susceptible to multiple unauthenticated Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities occur on several parameters, notably impacting the system's ability to securely process user inputs. An attacker could exploit these weaknesses to inject malicious scripts, which could compromise user sessions and data within the application, potentially leading to unauthorized access or data manipulation.

References

https://medium.com/stolabs/security-issues-on-samsung-syn...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 3, 2018
Vulnerability Reserved
Aug 3, 2018