First published: Thu Dec 28 2017(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Chat | <2.0.0-1124 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.