N/A

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.

N/A

N/A

Synology Disk Station多个跨站脚本攻击漏洞

Synology DiskStation（DSM）是群晖科技（Synology）公司的一套网络储存服务器（NAS），它可作为局域网中的档案共享中心。 Synology Disk Station DSM3.0-1337之前的2.x版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助连接到FTP服务器并提供特制的(1)USER或(2)PASS命令注入任意web脚本或HTML，这些命令可以通过FTP登录模块写入到网络界面登录窗口。

N/A

N/A