Vulnerability Details CVE-2018-8928
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.5
Products affected by CVE-2018-8928
- cpe:2.3:a:synology:carddav_server:5.2.0-0019
- cpe:2.3:a:synology:carddav_server:5.2.0-0021
- cpe:2.3:a:synology:carddav_server:5.2.0-0026
- cpe:2.3:a:synology:carddav_server:5.2.0-0027
- cpe:2.3:a:synology:carddav_server:5.2.0-0028
- cpe:2.3:a:synology:carddav_server:6.0.0-0074
- cpe:2.3:a:synology:carddav_server:6.0.2-0077
- cpe:2.3:a:synology:carddav_server:6.0.3-0078
- cpe:2.3:a:synology:carddav_server:6.0.4-0080
- cpe:2.3:a:synology:carddav_server:6.0.5-0081
- cpe:2.3:a:synology:carddav_server:6.0.6-0083
- cpe:2.3:a:synology:carddav_server:6.0.7-0085