Cross-site Scripting Vulnerability in Synology Office by Synology
CVE-2019-11828

5.5MEDIUM

Key Information:

Vendor: Synology
Status: Office
Vendor: CVE Published:; 30 June 2019

Summary

A Cross-site Scripting (XSS) vulnerability exists in Synology Office prior to version 3.1.4-2771, which allows remote authenticated users to inject arbitrary web scripts or HTML. This vulnerability can be exploited through unspecified vectors, posing a significant risk to users by allowing attackers to execute malicious scripts within the context of a user's session.

Affected Version(s)

Office < 3.1.4-2771

References

https://www.synology.com/security/advisory/Synology_SA_19_11

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2019
Vulnerability Reserved
May 8, 2019