CVE-2017-9553 — Cross-site Scripting in Synology Diskstation Manager

CWE-79 — Cross-site Scripting4 documents4 sources
Severity
7.5HIGHNVD
GHSA5.4
EPSS
0.1%
top 67.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedJul 24
Latest updateMay 24

Description

A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

â–¶NVDsynology/diskstation_manager6.1.1-15101-4

🔴Vulnerability Details

3
GHSA
Bolt Cross-site Scripting via the slug, teaser or title parameters↗2022-05-24
â–¶
GHSA
GHSA-mjrv-32hr-4pv5: A design flaw in SYNO↗2022-05-13
â–¶
CVEList
CVE-2017-9553: A design flaw in SYNO↗2017-07-24
â–¶
CVE-2017-9553 — Cross-site Scripting in Synology | cvebase