Описание
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:synology:video_station:1.2-0439:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.2-0443:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.2-0447:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.2-0451:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.2-0453:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.5-0753:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.5-0754:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.5-0757:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.5-0763:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.5-0770:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.6-0835:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.6-0840:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.6-0841:*:*:*:*:*:*:*
cpe:2.3:a:synology:video_station:1.6-0844:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00246
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
EPSS
Процентиль: 48%
0.00246
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79