Vulnerability Details CVE-2017-16768
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.8%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2017-16768
-
cpe:2.3:a:synology:mailplus_server:1.0-0182
-
cpe:2.3:a:synology:mailplus_server:1.0-0183
-
cpe:2.3:a:synology:mailplus_server:1.0-0186
-
cpe:2.3:a:synology:mailplus_server:1.0-0190
-
cpe:2.3:a:synology:mailplus_server:1.1.0-0208
-
cpe:2.3:a:synology:mailplus_server:1.1.1-0213
-
cpe:2.3:a:synology:mailplus_server:1.1.2-0250
-
cpe:2.3:a:synology:mailplus_server:1.2.0-0295
-
cpe:2.3:a:synology:mailplus_server:1.2.1-0298
-
cpe:2.3:a:synology:mailplus_server:1.2.2-0301
-
cpe:2.3:a:synology:mailplus_server:1.2.3-0302
-
cpe:2.3:a:synology:mailplus_server:1.3.0-0370
-
cpe:2.3:a:synology:mailplus_server:1.3.2-0373
-
cpe:2.3:a:synology:mailplus_server:1.3.3-0381
-
cpe:2.3:a:synology:mailplus_server:1.3.4-0383