CVE-2025-10466
MEDIUMSynology Safe Access < 1.3.1-0329 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Title source: ruleDescription
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Synology-SA-25:11 Safe Access
https://www.synology.com/en-global/security/advisory/Synology_SA_25_11
Scores
CVSS v3
5.9
EPSS
0.0027
EPSS Percentile
17.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
Synology/Safe Access
< 1.3.1-0329
synology/safe_access
< 1.3.1-0329
Published
May 27, 2026
Tracked Since
May 27, 2026