CVE-2018-8915 MEDIUM

CVE-2018-8915

Vendor Synology

Product Calendar

Weakness CWE-79 · XSS

Published May 10, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

Key dates

02Disclosure timeline

May 10, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-8915

Related vulnerabilities

04Related CVE

CVE-2023-32659 SUBNET PowerSYSTEM Center Cross-site Scripting CVE-2024-10877 AFI – The Easiest Integration Plugin <= 1.92.0 - Reflected Cross-Site Scripting CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes CVE-2023-2616 Cross-site Scripting (XSS) - Generic in pimcore/pimcore CVE-2024-3944 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments