Cross-site Scripting Vulnerability in Synology Office by Synology
CVE-2019-11828

5.5MEDIUM

Key Information:

Vendor

Synology
Status
Office
Vendor
CVE Published:
30 June 2019

What is CVE-2019-11828?

A Cross-site Scripting (XSS) vulnerability exists in Synology Office prior to version 3.1.4-2771, which allows remote authenticated users to inject arbitrary web scripts or HTML. This vulnerability can be exploited through unspecified vectors, posing a significant risk to users by allowing attackers to execute malicious scripts within the context of a user's session.

Affected Version(s)

Office < 3.1.4-2771

References

https://www.synology.com/security/advisory/Synology_SA_19_11
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.