PT-2017-7551 · Synology · Synology Audio Station

Published

2017-06-30

Updated

2019-10-09

CVE-2015-9104

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Synology Audio Station versions 5.1 before 5.1-2550 Synology Audio Station versions 5.4 before 5.4-2857

Description The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the album title, which can lead to cross-site scripting (XSS) attacks.

Recommendations For Synology Audio Station versions 5.1 before 5.1-2550, update to version 5.1-2550 or later. For Synology Audio Station versions 5.4 before 5.4-2857, update to version 5.4-2857 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-9104

Affected Products

Synology Audio Station

PT-2017-7551 · Synology · Synology Audio Station

CVE-2015-9104

Weakness Enumeration

Related Identifiers

Affected Products

References · 3