CVE-2015-9104

Published Jun 30, 2017

Last updated 5 years ago

CVSS medium 5.4

Overview

Description: Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.
Source: security@synology.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79
security@synology.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.1-2541:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BED8D3F-A8E6-4BAC-B1EE-F537F8B717CC"
          },
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.1-2542:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1726F9C-CF4D-42A0-BA3C-AF9A92959237"
          },
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.1-2547:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "048B9D89-FDF6-47D8-8BE8-33A4667BFDE4"
          },
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.1-2549:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40ADF949-277F-4C23-AAAE-1A6E7CB23027"
          },
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.4-2852:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD27E944-577A-4C06-AC3F-8D54C2263BDD"
          },
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.4-2853:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "158ADD2F-5EF0-443F-8BB6-D6C113E0CFCD"
          },
          {
            "criteria": "cpe:2.3:a:synology:audio_station:5.4-2855:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE0BF7DC-0A44-471C-A39F-CE694AF20389"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References