CVE-2017-16767 - AskarLabs CVE Database

CVE-2017-16767

Vendor Synology

Product Surveillance Station

Weakness CWE-79 · XSS

Published February 27, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.

Key dates

02Disclosure timeline

February 27, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-16767 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-40329 WordPress Custom Admin Login Page | WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-30931 WordPress «Подсказки» от DaData.ru plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability CVE-2025-39397 WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-25648 Traccar Vulnerable to Stored Cross-Site Scripting (XSS) via Malicious SVG File Upload CVE-2018-16459