Injection Vulnerability in Synology DiskStation Manager by Synology
CVE-2021-43929
5.4 MEDIUM
Summary
An improper neutralization of special elements in output vulnerability exists in Synology DiskStation Manager, allowing remote authenticated users to inject arbitrary web scripts or HTML. This issue may lead to unauthorized access or manipulation of web-based applications, highlighting the critical importance of ensuring proper input validation and sanitization mechanisms.
Affected Version(s)
DiskStation Manager (DSM) < 7.0.1-42218-2
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved