CVE-2015-9105

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.

Affected Software

VendorProductVersion RangeStatus
SynologyVideo Station1.2affected
SynologyVideo Station1.5affected
SynologyVideo Station1.6affected

Weaknesses

  • CWE-79: Cross Site Scripting (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References