XSS in Synology Diskstation_manager

CVE-2015-4655

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.6th percentile) — read the EPSS interpretation.

Affected products

Synology Diskstation_manager
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20150525 Reflected Cross-Site Scripting in Synology DiskStation Manager (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_CONFIRM)
74811 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)