PT-2018-18710 · Synology · Synology Note Station

Taien Wang

Publicado

2018-05-09

Atualizado

2019-10-09

CVE-2018-8911

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Synology Note Station versions prior to 2.5.1-0844

Description A cross-site scripting (XSS) issue exists in the Attachment Preview feature of Synology Note Station, allowing remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

Recommendations For versions prior to 2.5.1-0844, update to version 2.5.1-0844 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-8911

Produtos afetados

Synology Note Station

PT-2018-18710 · Synology · Synology Note Station

CVE-2018-8911

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3