CVE-2019-11825 MEDIUM

CVE-2019-11825

Vendor Synology

Product Calendar

Weakness CWE-79 · XSS

Published June 30, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

Key dates

02Disclosure timeline

June 30, 2019 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-11825 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability CVE-2025-46501 WordPress Mixcloud Embed plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability CVE-2024-43724 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-40890 Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0