Synology: >> Video Station Security Vulnerabilities
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.
CVSS Score
6.6
EPSS Score
0.004
Published
2021-06-01
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-08-11
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-06-30
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
CVSS Score
10.0
EPSS Score
0.297
Published
2015-09-11
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
CVSS Score
7.5
EPSS Score
0.016
Published
2015-09-11
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
CVSS Score
7.5
EPSS Score
0.006
Published
2015-09-11