CVE-2018-8917

Summary

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

Affected Software

VendorProductVersion RangeStatus
SynologyDiskStation Manager (DSM)unspecified < 6.1.6-15266affected

Weaknesses

  • CWE-79: Cross-site Scripting (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References