CVE-2020-27659 HIGH

CVE-2020-27659

Vendor Synology
Product Safe Access
Weakness CWE-79 · XSS
Published November 30, 2020
Last update September 17, 2024

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.

Key dates

02Disclosure timeline

November 30, 2020 CVE published
September 17, 2024 Record updated