Published: 29/09/2010 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote malicious users to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
synology dsm 2.3-1144
synology dsm 2.3-1157
synology dsm 2.3-1161
synology dsm 2.2-1042
synology dsm 2.2-1045
synology dsm 2.3-1139
synology dsm 2.3-1141
synology dsm 3.0-1334
synology dsm 2.2-1041
synology dsm 2.2-0942

Synology Disk Station suffers from code execution, cross site request forgery and cross site scripting vulnerabilities ...

CWE-79 http://www.securityfocus.com/archive/1/513970/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/94283/Synology-Disk-Station-Code-Execution-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2453

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect