Vulnerability Details CVE-2018-8912
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.5
References
Products affected by CVE-2018-8912
-
cpe:2.3:a:synology:note_station:1.0-0069
-
cpe:2.3:a:synology:note_station:1.0-0074
-
cpe:2.3:a:synology:note_station:1.1-0205
-
cpe:2.3:a:synology:note_station:1.1-0207
-
cpe:2.3:a:synology:note_station:1.1-0211
-
cpe:2.3:a:synology:note_station:1.1-0212
-
cpe:2.3:a:synology:note_station:1.1-0214
-
cpe:2.3:a:synology:note_station:1.1-0215
-
cpe:2.3:a:synology:note_station:2.0-0513
-
cpe:2.3:a:synology:note_station:2.1.0-0528
-
cpe:2.3:a:synology:note_station:2.2.0-0538
-
cpe:2.3:a:synology:note_station:2.3.0-0547
-
cpe:2.3:a:synology:note_station:2.4.0-0615
-
cpe:2.3:a:synology:note_station:2.4.1-0619
-
cpe:2.3:a:synology:note_station:2.4.2-0629
-
cpe:2.3:a:synology:note_station:2.4.3-0810
-
cpe:2.3:a:synology:note_station:2.4.4-0822
-
cpe:2.3:a:synology:note_station:2.4.5-0824
-
cpe:2.3:a:synology:note_station:2.4.6-0827
-
cpe:2.3:a:synology:note_station:2.5.0-0839