First published: Thu May 10 2018(Updated: )
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Calendar | <2.1.1-0502 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8915 is a cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before version 2.1.1-0502.
Remote authenticated users can exploit CVE-2018-8915 by injecting arbitrary web script or HTML via the title parameter.
CVE-2018-8915 has a severity rating of medium with a CVSS score of 5.4.
The cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar affects versions up to and excluding 2.1.1-0502.
To fix CVE-2018-8915, it is recommended to upgrade to Synology Calendar version 2.1.1-0502 or later.