CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-9103

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://www.fortiguard.com/zeroday/FG-VD-15-110
http://www.fortiguard.com/zeroday/FG-VD-15-111
https://www.synology.com/en-global/support/security/Note_Station_1_1_0214
http://www.fortiguard.com/zeroday/FG-VD-15-110
http://www.fortiguard.com/zeroday/FG-VD-15-111
https://www.synology.com/en-global/support/security/Note_Station_1_1_0214

Products affected by CVE-2015-9103

Synology » Note Station » Version: 1.0-0069

cpe:2.3:a:synology:note_station:1.0-0069
Synology » Note Station » Version: 1.0-0074

cpe:2.3:a:synology:note_station:1.0-0074
Synology » Note Station » Version: 1.1-0205

cpe:2.3:a:synology:note_station:1.1-0205
Synology » Note Station » Version: 1.1-0207

cpe:2.3:a:synology:note_station:1.1-0207
Synology » Note Station » Version: 1.1-0211

cpe:2.3:a:synology:note_station:1.1-0211
Synology » Note Station » Version: 1.1-0212

cpe:2.3:a:synology:note_station:1.1-0212

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-9103

Products

Pricing

Contact Us