CVE-2010-2453
Synology DSM < 3.0-1337 - Cross-Site Scripting via FTP Log Injection
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/513970/100/0/threaded
Scores
EPSS
0.0032
EPSS Percentile
54.9%
Details
CWE
CWE-79
Status
published
Products (10)
synology/dsm
2.2-0942
synology/dsm
2.2-1041
synology/dsm
2.2-1042
synology/dsm
2.2-1045
synology/dsm
2.3-1139
synology/dsm
2.3-1141
synology/dsm
2.3-1144
synology/dsm
2.3-1157
synology/dsm
2.3-1161
synology/dsm
3.0-1334
Published
Sep 29, 2010
Tracked Since
Feb 18, 2026