Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Synology DiskStation Manager 跨站脚本漏洞
Vulnerability Description
Synology DiskStation Manager(DSM)是中国群晖科技(Synology)公司的一套用于网络储存服务器(NAS)上的操作系统。该操作系统可管理资料、文件、照片、音乐等信息。 Synology DiskStation Manager 中存在跨站脚本漏洞,该漏洞源于产品的下游组件未对输入数据中的特殊字符做安全过滤。以下产品及版本受到影响:Synology DiskStation Manager 7.0.1-42218-2 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A