Cross-site Scripting Vulnerability in Synology Calendar
CVE-2022-22682

6.5MEDIUM

Key Information:

Vendor: Synology
Status: Synology Calendar
Vendor: CVE Published:; 12 July 2022

What is CVE-2022-22682?

An input validation flaw in Synology Calendar versions prior to 2.4.5-10930 permits remote authenticated users to exploit the web application. By injecting arbitrary web scripts or HTML through specific vectors, attackers could potentially manipulate user sessions or steal sensitive information, compromising the integrity of user data.

Affected Version(s)

Synology Calendar < 2.4.5-10930

References

https://www.synology.com/security/advisory/Synology_SA_22_07

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jan 5, 2022