Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-15892

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2017-15892
  • Synology » Chat » Version: 1.0.0-0126
    cpe:2.3:a:synology:chat:1.0.0-0126
  • Synology » Chat » Version: 1.0.0-0127
    cpe:2.3:a:synology:chat:1.0.0-0127
  • Synology » Chat » Version: 1.0.2-0158
    cpe:2.3:a:synology:chat:1.0.2-0158
  • Synology » Chat » Version: 1.0.2-0159
    cpe:2.3:a:synology:chat:1.0.2-0159
  • Synology » Chat » Version: 1.1.0-0806
    cpe:2.3:a:synology:chat:1.1.0-0806
  • Synology » Chat » Version: 1.1.1-0902
    cpe:2.3:a:synology:chat:1.1.1-0902


Products
Pricing
Contact Us

Shodan ® - All rights reserved