First published: Wed May 09 2018(Updated: )
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Note Station | <2.5.1-0844 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-8912 is medium with a CVSS score of 5.4.
CVE-2018-8912 allows remote authenticated users to inject arbitrary web script or HTML into Synology Note Station, potentially compromising the security of the system.
To fix the CVE-2018-8912 vulnerability, you should update Synology Note Station to version 2.5.1-0844 or later, as this version includes a patch for the vulnerability.
Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
The Common Weakness Enumeration (CWE) ID for CVE-2018-8912 is CWE-79.