Synology » Note Station : Security Vulnerabilities, CVEs,

CVE-2022-27619

Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.10%
Published
2022-08-03
Updated
2022-08-09

CVE-2019-11827

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
Max CVSS
6.5
EPSS Score
0.05%
Published
2019-06-30
Updated
2023-01-30

CVE-2018-8912

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
Max CVSS
6.5
EPSS Score
0.05%
Published
2018-05-09
Updated
2019-10-09

CVE-2018-8911

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Max CVSS
6.5
EPSS Score
0.05%
Published
2018-05-09
Updated
2019-10-09

CVE-2015-9103

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-06-30
Updated
2019-10-09
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close