First published: Thu Jul 05 2018
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology CardDAV Server | <6.0.8-0086 | |
CVE-2018-8928 is a cross-site scripting (XSS) vulnerability in the Address Book Editor in Synology CardDAV Server before version 6.0.8-0086.
CVE-2018-8928 allows remote authenticated users to inject arbitrary web script or HTML via certain parameters, potentially leading to unauthorized access or data manipulation.
Synology CardDAV Server versions before 6.0.8-0086 are affected by CVE-2018-8928.
CVE-2018-8928 has a severity rating of medium (5.4) on the Common Vulnerability Scoring System (CVSS) scale.
To fix CVE-2018-8928, users should update their Synology CardDAV Server to version 6.0.8-0086 or later, as advised by Synology in their security advisory.