3 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. Una vulnerabilidad de consumo de recursos no controlado en la configuración TLS en Synology MailPlus Server, en versiones anteriores a la 2.0.5-0606, permite a los atacantes remotos realizar ataques de denegación de servicio (DoS) mediante una renegociación iniciada por el cliente. • https://www.synology.com/security/advisory/Synology_SA_18_43 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en el editor de políticas de usuario, User Policy, en Synology MailPlus Server, en versiones anteriores a la 1.4.0-0415 permite que usuarios autenticados remotos inyecten código HTML arbitrario mediante el parámetro name. • https://www.synology.com/en-global/support/security/Synology_SA_17_81 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en Disclaimer en Synology MailPlus Server en versiones anteriores a la 1.4.0-0415 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro NAME. • https://www.synology.com/en-global/support/security/Synology_SA_17_75 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •