CVE-2019-11828

5.5MEDIUM

Key Information:

Vendor: Synology
Status: Office
Vendor: CVE Published:; 30 June 2019

Summary

Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected Version(s)

Office < 3.1.4-2771

References

https://www.synology.com/security/advisory/Synology_SA_19_11

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2019
Vulnerability Reserved
May 8, 2019