CVE-2015-9105

CVE-2015-9105

Vendor Synology

Product Video Station

Weakness CWE-79 · XSS

Published June 30, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.

Key dates

02Disclosure timeline

June 30, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-9105

Related vulnerabilities

Identifiers

CVE CVE-2015-9105

CWE CWE-79

Affected versions

Vendor Synology

Product Video Station

Affected 1.2

Vendor Synology

Product Video Station

Affected 1.5

Vendor Synology

Product Video Station

Affected 1.6

01Description

02Disclosure timeline

03References

04Related CVE