CVE-2020-27660
https://notcve.org/view.php?id=CVE-2020-27660
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
• https://github.com/thomasfady/Synology_SA_20_25 https://www.synology.com/security/advisory/Synology_SA_20_25 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-27659
https://notcve.org/view.php?id=CVE-2020-27659
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
• https://github.com/thomasfady/Synology_SA_20_25 https://www.synology.com/security/advisory/Synology_SA_20_25 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')