Cross-Site Scripting Vulnerabilities in Synology SafeAccess
CVE-2020-27659
8.4HIGH
Summary
Multiple vulnerabilities exist in Synology SafeAccess that permit remote attackers to exploit cross-site scripting (XSS). By manipulating parameters such as 'domain' or 'profile', attackers can inject arbitrary web scripts or HTML, potentially steering users to malicious content or compromising sensitive data.
Affected Version(s)
Safe Access < 1.2.3-0234
References
CVSS V3.1
Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved