First published: Tue Feb 27 2018(Updated: )
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Surveillance Station | <8.1.2-5469 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-16767 is rated as medium with a score of 5.4.
To fix CVE-2017-16767, update Synology Surveillance Station to version 8.1.2-5469 or later.
CVE-2017-16767 is a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML.
Versions of Synology Surveillance Station before 8.1.2-5469 are affected by CVE-2017-16767.
CVE-2017-16767 can be exploited by remote authenticated users.