Synology: >> Carddav Server >> 6.0.3-0078 Security Vulnerabilities
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVSS Score
8.3
EPSS Score
0.004
Published
2022-07-28
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-05
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-11-07