CVE-2010-2453

Опубликовано: 29 сент. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*

cpe:2.3:o:synology:dsm:3.0-1334:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:synology:disk_station_ds1010\+:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds110\+:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds210\+:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds411\+:*:*:*:*:*:*:*:*

cpe:2.3:h:synology:disk_station_ds710\+:*:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00318

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hjjc-2jc4-2pq4

github

больше 3 лет назад