XSS in Synology Photo_station
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.p…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (52.3th percentile) — read the EPSS interpretation.
Affected products
- Synology Photo_station
- N/a — versions n/a
Weakness classification (CWE)
References
- 74816 (vdb-entry, x_refsource_BID)
- 20150525 Synology Photo Station multiple Cross-Site Scripting vulnerabilities (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)