First published: Tue May 08 2018(Updated: )
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Note Station | <2.5.1-0844 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this cross-site scripting (XSS) vulnerability is CVE-2018-8911.
The severity of CVE-2018-8911 is medium with a score of 5.4.
The software version affected by CVE-2018-8911 is Synology Note Station before 2.5.1-0844.
Remote authenticated users can exploit CVE-2018-8911 by injecting arbitrary web script or HTML via malicious attachments in Synology Note Station before 2.5.1-0844.
Yes, a fix is available for CVE-2018-8911. It is recommended to update Synology Note Station to version 2.5.1-0844.