Securityvulns SECURITYVULNS:DOC:32152
Jun 01, 2015

Reflected Cross-Site Scripting in Synology DiskStation Manager

Han Sahin, May 2015


Abstract

A reflected Cross-Site Scripting vulnerability was found in Synology
DiskStation Manager. This issue allows attackers to perform a wide
variety of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf,
and performing arbitrary redirects to potentially malicious websites.


Tested version

This issue was tested on Synology DiskStation Manager version 5.2-5565.


Fix

Synology reports that this issue has been resolved in DiskStation
Manager version 5.2-5565 Update 1 (2015/05/21).
https://www.synology.com/en-global/releaseNote/DS214play


Details

https://www.securify.nl/advisory/SFY20150503/reflected_cross_site_scripting_in_synology_diskstation_manager.html