Synology » Diskstation Manager : Security Vulnerabilities, CVEs, (XSS)
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2022-02-07 | Updated: 2023-06-26
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
Max CVSS: 5.9 | EPSS Score: 0.05% | Published: 2019-04-01 | Updated: 2019-10-09
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2018-12-24 | Updated: 2019-10-09
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2019-04-01 | Updated: 2019-10-09
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
Max CVSS: 4.3 | EPSS Score: 0.27% | Published: 2015-06-18 | Updated: 2016-11-28
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
Max CVSS: 4.3 | EPSS Score: 0.27% | Published: 2014-09-12 | Updated: 2017-08-29
6 vulnerabilities found