
CVSS: 4.3 | EPSS: 0% | CPEs: 22 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.

Synology Disk Station suffers from code execution, cross site request forgery and cross site scripting vulnerabilities.

• http://www.securityfocus.com/archive/1/513970/100/0/threaded
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')