Vulnerability Details CVE-2018-8923
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.5
References
Products affected by CVE-2018-8923
-
cpe:2.3:a:synology:file_station:1.0.0-0027
-
cpe:2.3:a:synology:file_station:1.0.0-0039
-
cpe:2.3:a:synology:file_station:1.0.1-0046
-
cpe:2.3:a:synology:file_station:1.0.2-0049
-
cpe:2.3:a:synology:file_station:1.1.0-0075
-
cpe:2.3:a:synology:file_station:1.1.1-0095
-
cpe:2.3:a:synology:file_station:1.1.1-0099
-
cpe:2.3:a:synology:file_station:1.1.1-0103
-
cpe:2.3:a:synology:file_station:1.1.1-0110
-
cpe:2.3:a:synology:file_station:1.1.2-0115
-
cpe:2.3:a:synology:file_station:1.1.3-0120