Cross-Site Scripting Vulnerability in Synology Drive by Synology
CVE-2018-8921

5.4MEDIUM

Key Information:

Vendor: Synology
Status: Drive
Vendor: CVE Published:; 1 June 2018

Summary

A cross-site scripting (XSS) vulnerability exists in the File Sharing Notify Toast feature of Synology Drive prior to version 1.0.2-10275. This vulnerability allows remote authenticated users to execute arbitrary web scripts or HTML by injecting malicious code into file names. The exploitation of this weakness could lead to unauthorized actions or exposure of sensitive information, highlighting the importance of applying security patches and keeping software updated.

Affected Version(s)

Drive < 1.0.2-10275

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 1, 2018
Vulnerability Reserved
Mar 22, 2018