CVE-2015-9103
MEDIUMSynology Note Station < 1.1-0212 - Authenticated Cross-Site Scripting via Note Title or Attachment File Name
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
http://www.fortiguard.com/zeroday/FG-VD-15-110
Third Party Advisory x_refsource_misc
http://www.fortiguard.com/zeroday/FG-VD-15-111
Vendor Advisory x_refsource_confirm
https://www.synology.com/en-global/support/security/Note_Station_1_1_0214
Scores
CVSS v3
5.4
EPSS
0.0025
EPSS Percentile
47.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
Synology/Note Station
1.0
Synology/Note Station
1.1
synology/note_station
< 1.1-0212
Published
Jun 30, 2017
Tracked Since
Feb 18, 2026