ID
VAR-201906-0946
CVE
CVE-2019-11827
TITLE
Synology Note Station Vulnerable to cross-site scripting
Trust: 0.8
sources:
JVNDB: JVNDB-2019-005855
DESCRIPTION
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. Synology Note Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Note Station is a cloud-based note management application from Synology, a Taiwan-based company. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Trust: 1.71
sources:
NVD: CVE-2019-11827 //
JVNDB: JVNDB-2019-005855 //
VULHUB: VHN-143512
AFFECTED PRODUCTS
| vendor: | synology | model: | note station | scope: | lt | version: | 2.5.3-0863 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2019-005855 //
NVD: CVE-2019-11827
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-143512 //
JVNDB: JVNDB-2019-005855 //
CNNVD: CNNVD-201906-1154 //
NVD: CVE-2019-11827 //
NVD: CVE-2019-11827
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
sources:
VULHUB: VHN-143512 //
JVNDB: JVNDB-2019-005855 //
NVD: CVE-2019-11827
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201906-1154
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-201906-1154
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-005855
PATCH
| title: | Synology-SA-19:08 Note Station | url: | https://www.synology.com/ja-jp/security/advisory/Synology_SA_19_08 | Trust: 0.8 |
| title: | Synology Note Station Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94243 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2019-005855 //
CNNVD: CNNVD-201906-1154
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-11827 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2019-005855 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201906-1154 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-143512 | Trust: 0.1 |
sources:
VULHUB: VHN-143512 //
JVNDB: JVNDB-2019-005855 //
CNNVD: CNNVD-201906-1154 //
NVD: CVE-2019-11827
REFERENCES
| url: | https://www.synology.com/security/advisory/synology_sa_19_08 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-11827 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11827 | Trust: 0.8 |
sources:
VULHUB: VHN-143512 //
JVNDB: JVNDB-2019-005855 //
CNNVD: CNNVD-201906-1154 //
NVD: CVE-2019-11827
SOURCES
| db: | VULHUB | id: | VHN-143512 |
| db: | JVNDB | id: | JVNDB-2019-005855 |
| db: | CNNVD | id: | CNNVD-201906-1154 |
| db: | NVD | id: | CVE-2019-11827 |
LAST UPDATE DATE
2024-11-23T23:04:45.841000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-143512 | date: | 2023-01-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-005855 | date: | 2019-07-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-201906-1154 | date: | 2019-07-02T00:00:00 |
| db: | NVD | id: | CVE-2019-11827 | date: | 2024-11-21T04:21:50.487 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-143512 | date: | 2019-06-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-005855 | date: | 2019-07-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-201906-1154 | date: | 2019-06-30T00:00:00 |
| db: | NVD | id: | CVE-2019-11827 | date: | 2019-06-30T15:15:09.823 |