CVE-2015-9103 - AskarLabs CVE Database

CVE-2015-9103

Vendor Synology

Product Note Station

Weakness CWE-79 · XSS

Published June 30, 2017

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.

Key dates

02Disclosure timeline

June 30, 2017 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-9103 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-46973 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2021-25978 Apostrophe - XSS CVE-2024-24885 WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) CVE-2023-6737 Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting CVE-2024-1057 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Identifiers

CVE CVE-2015-9103

CWE CWE-79

Affected versions

Vendor Synology

Product Note Station

Affected 1.0

Vendor Synology

Product Note Station

Affected 1.1