Cross-Site Scripting Vulnerabilities in Synology SafeAccess
CVE-2020-27659

8.4HIGH

Key Information:

Vendor

Synology
Status
Safe Access
Vendor
CVE Published:
30 November 2020

What is CVE-2020-27659?

Multiple vulnerabilities exist in Synology SafeAccess that permit remote attackers to exploit cross-site scripting (XSS). By manipulating parameters such as 'domain' or 'profile', attackers can inject arbitrary web scripts or HTML, potentially steering users to malicious content or compromising sensitive data.

Affected Version(s)

Safe Access < 1.2.3-0234

References

https://www.synology.com/security/advisory/Synology_SA_20_25
x_refsource_CONFIRM
https://www.talosintelligence.com/vulnerability_reports/T...
x_refsource_MISC
https://github.com/thomasfady/Synology_SA_20_25
x_refsource_MISC

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.