Vulnerability Details CVE-2017-15888
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.7%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2017-15888
-
cpe:2.3:a:synology:audio_station:4.0-2307
-
cpe:2.3:a:synology:audio_station:5.0-2410
-
cpe:2.3:a:synology:audio_station:5.0-2414
-
cpe:2.3:a:synology:audio_station:5.1-2541
-
cpe:2.3:a:synology:audio_station:5.1-2542
-
cpe:2.3:a:synology:audio_station:5.1-2547
-
cpe:2.3:a:synology:audio_station:5.1-2549
-
cpe:2.3:a:synology:audio_station:5.2-2628
-
cpe:2.3:a:synology:audio_station:5.2-2630
-
cpe:2.3:a:synology:audio_station:5.2-2631
-
cpe:2.3:a:synology:audio_station:5.2-2635
-
cpe:2.3:a:synology:audio_station:5.3-2753
-
cpe:2.3:a:synology:audio_station:5.4-2852
-
cpe:2.3:a:synology:audio_station:5.4-2853
-
cpe:2.3:a:synology:audio_station:5.4-2855
-
cpe:2.3:a:synology:audio_station:5.4-2857
-
cpe:2.3:a:synology:audio_station:5.4-2860
-
cpe:2.3:a:synology:audio_station:5.5-2979
-
cpe:2.3:a:synology:audio_station:5.5-2982
-
cpe:2.3:a:synology:audio_station:5.5-2985
-
cpe:2.3:a:synology:audio_station:5.6.0-2991
-
cpe:2.3:a:synology:audio_station:6.0.0-3088
-
cpe:2.3:a:synology:audio_station:6.0.1-3092
-
cpe:2.3:a:synology:audio_station:6.0.2-3093
-
cpe:2.3:a:synology:audio_station:6.1.0-3154
-
cpe:2.3:a:synology:audio_station:6.1.1-3158
-
cpe:2.3:a:synology:audio_station:6.2.0-3208