First published: Sun Jun 30 2019(Updated: )
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Note Station | <2.5.3-0863 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11827 is a cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before version 2.5.3-0863.
CVE-2019-11827 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter, posing a risk of cross-site scripting attacks.
The severity of CVE-2019-11827 is classified as medium with a CVSS score of 5.4.
Synology Note Station versions up to and excluding 2.5.3-0863 are affected by CVE-2019-11827.
To fix CVE-2019-11827, it is recommended to update Synology Note Station to version 2.5.3-0863 or higher.