CVE-2015-9103

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.

Affected Software

VendorProductVersion RangeStatus
SynologyNote Station1.0affected
SynologyNote Station1.1affected

Weaknesses

  • CWE-79: Cross Site Scripting (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References