CVE-2015-9105

Name of the Vulnerable Software and Affected Versions Synology Video Station versions 1.2 before 1.2-0455 Synology Video Station versions 1.5 before 1.5-0772 Synology Video Station versions 1.6 before 1.6-0847

Description The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the file name or collection name of videos.

Recommendations For Synology Video Station versions 1.2 before 1.2-0455, update to version 1.2-0455 or later. For Synology Video Station versions 1.5 before 1.5-0772, update to version 1.5-0772 or later. For Synology Video Station versions 1.6 before 1.6-0847, update to version 1.6-0847 or later.