SECURITYVULNS:DOC:32502
Sep 14, 2015

Multiple Cross-Site Scripting vulnerabilities in Synology Download Station

Han Sahin, September 2015


Abstract

Multiple Cross-Site Scripting vulnerabilities were found in Synology
Download Station. These issues allow attackers to perform a wide variety
of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf,
and redirecting victims to potentially malicious websites.


Tested version

These issues have been tested on Synology Download Station version
3.5-2956 and version 3.5-2962.


Fix

Synology reports that these issues have been resolved in:

  • Download Station version 3.5-2962 [Create download task via file
    upload]
  • Download Station version 3.5-2967 [Create download task via URL]

Details

https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html