CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27619
https://notcve.org/view.php?id=CVE-2022-27619
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Una vulnerabilidad de la transmisión de información confidencial en texto sin cifrar en la administración de la autenticación en Synology Note Station Client versiones anteriores a 2.2.2-609, permite a atacantes de tipo man-in-the-middle obtener información confidencial por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_22_12 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11827
https://notcve.org/view.php?id=CVE-2019-11827
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. Una vulnerabilidad de tipo cross-site-scripting (XSS) en el archivo SYNO.NotaStation.Shard en Synology Note Station anterior a versión 2.5.3-0863, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro object_id. • https://www.synology.com/security/advisory/Synology_SA_19_08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8911
https://notcve.org/view.php?id=CVE-2018-8911
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Vulnerabilidad de Cross-Site Scripting (XSS) en Attachment Preview en Synology Note Station en versiones anteriores a la 2.5.1-0844 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante adjuntos maliciosos. • https://www.synology.com/zh-tw/support/security/Synology_SA_18_03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8912
https://notcve.org/view.php?id=CVE-2018-8912
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en SYNO.NoteStation.Note en Synology Note Station en versiones anteriores a la 2.5.1-0844 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro commit_msg. • https://www.synology.com/zh-tw/support/security/Synology_SA_18_03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9103
https://notcve.org/view.php?id=CVE-2015-9103
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. Varias vulnerabilidades de tipo XSS (Cross-site scripting) en Synology Note Station 1.1-0212 y versioness anteriores, permiten a los atacantes remotos autenticados inyectar secuencias de comandos web o HTML mediante el título de la nota (1) o el nombre de archivo de los archivos adjuntos. • http://www.fortiguard.com/zeroday/FG-VD-15-110 http://www.fortiguard.com/zeroday/FG-VD-15-111 https://www.synology.com/en-global/support/security/Note_Station_1_1_0214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •