Vulnerability Details CVE-2017-9556
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2017-9556
-
cpe:2.3:a:synology:video_station:-
-
cpe:2.3:a:synology:video_station:1.2-0439
-
cpe:2.3:a:synology:video_station:1.2-0443
-
cpe:2.3:a:synology:video_station:1.2-0447
-
cpe:2.3:a:synology:video_station:1.2-0451
-
cpe:2.3:a:synology:video_station:1.2-0453
-
cpe:2.3:a:synology:video_station:1.3-0562
-
cpe:2.3:a:synology:video_station:1.4-0667
-
cpe:2.3:a:synology:video_station:1.4-0668
-
cpe:2.3:a:synology:video_station:1.4-0673
-
cpe:2.3:a:synology:video_station:1.4-0674
-
cpe:2.3:a:synology:video_station:1.4-0678
-
cpe:2.3:a:synology:video_station:1.4-0679
-
cpe:2.3:a:synology:video_station:1.5-0753
-
cpe:2.3:a:synology:video_station:1.5-0754
-
cpe:2.3:a:synology:video_station:1.5-0757
-
cpe:2.3:a:synology:video_station:1.5-0763
-
cpe:2.3:a:synology:video_station:1.5-0770
-
cpe:2.3:a:synology:video_station:1.5-0772
-
cpe:2.3:a:synology:video_station:1.5-0775
-
cpe:2.3:a:synology:video_station:1.5-0776
-
cpe:2.3:a:synology:video_station:1.6-0835
-
cpe:2.3:a:synology:video_station:1.6-0840
-
cpe:2.3:a:synology:video_station:1.6-0841
-
cpe:2.3:a:synology:video_station:1.6-0844
-
cpe:2.3:a:synology:video_station:1.6-0857
-
cpe:2.3:a:synology:video_station:1.6-0858
-
cpe:2.3:a:synology:video_station:1.6-0859
-
cpe:2.3:a:synology:video_station:2.0-1124
-
cpe:2.3:a:synology:video_station:2.0-1132
-
cpe:2.3:a:synology:video_station:2.0-1134
-
cpe:2.3:a:synology:video_station:2.1.0-1226
-
cpe:2.3:a:synology:video_station:2.1.1-1229
-
cpe:2.3:a:synology:video_station:2.1.2-1236
-
cpe:2.3:a:synology:video_station:2.2.0-1361
-
cpe:2.3:a:synology:video_station:2.2.1-1364