CVE-2019-11828 MEDIUM

CVE-2019-11828

Vendor Synology

Product Office

Weakness CWE-79 · XSS

Published June 30, 2019

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Key dates

02Disclosure timeline

June 30, 2019 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-11828 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-4116 PHP Jabbers Taxi Booking index.php cross site scripting CVE-2022-41651 Delta Electronics DIAEnergie CVE-2023-45761 WordPress Sendle Shipping Plugin <= 5.13 is vulnerable to Cross Site Scripting (XSS) CVE-2024-26082 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-31614 WordPress Terms Before Download plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability