Synology: >> Office >> 2.2.0-1502 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-06-30
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-06-05
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
CVSS Score
7.8
EPSS Score
0.025
Published
2017-08-14