Synology: >> Note Station >> 1.1-0211 Security Vulnerabilities
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-08-03
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-06-30
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-05-09
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-05-09
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-06-30