Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-2453
HistorySep 29, 2010 - 5:00 p.m.

CVE-2010-2453

2010-09-2917:00:02
CWE-79
[email protected]
web.nvd.nist.gov
24
cve-2010-2453
xss
synology disk station
dsm3.0-1337
ftp server
web commands injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a “web commands injection” issue.

Affected configurations

NVD
Node
synologydsmMatch2.2-0942
OR
synologydsmMatch2.2-1041
OR
synologydsmMatch2.2-1042
OR
synologydsmMatch2.2-1045
OR
synologydsmMatch2.3-1139
OR
synologydsmMatch2.3-1141
OR
synologydsmMatch2.3-1144
OR
synologydsmMatch2.3-1157
OR
synologydsmMatch2.3-1161
OR
synologydsmMatch3.0-1334
AND
synologydisk_station_ds1010\+
OR
synologydisk_station_ds109
OR
synologydisk_station_ds110\+
OR
synologydisk_station_ds110j
OR
synologydisk_station_ds209
OR
synologydisk_station_ds210\+
OR
synologydisk_station_ds210j
OR
synologydisk_station_ds409slim
OR
synologydisk_station_ds410
OR
synologydisk_station_ds410j
OR
synologydisk_station_ds411\+
OR
synologydisk_station_ds710\+

Related

nvd 2
checkpoint_advisories 2
securityvulns 2
cvelist 2
packetstorm 1
prion 2
cve 1
nvd
nvd
CVE-2010-2453
2010-09-29 17:00:02
CVE-2010-3684
2010-09-29 17:00:05
checkpoint_advisories
checkpoint_advisories
Update Protection against Synology Disk Station FTP Login Web Commands Injection Vulnerability
2010-09-30 00:00:00
Suspicious Characters in FTP User Name (CVE-2009-0542; CVE-2010-2453)
2010-08-18 00:00:00
securityvulns
securityvulns
Synology Disk Station crossite scripting
2010-09-29 00:00:00
Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453
2010-09-29 00:00:00
cvelist
cvelist
CVE-2010-2453
2010-09-29 16:00:00
CVE-2010-3684
2010-09-29 16:00:00
packetstorm
packetstorm
Synology Disk Station Code Execution / Cross Site Request Forgery / Cross Site Scripting
2010-09-28 00:00:00
prion
prion
Cross site scripting
2010-09-29 17:00:00
Code injection
2010-09-29 17:00:00
cve
cve
CVE-2010-3684
2010-09-29 17:00:05

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

JSON
Related for CVE-2010-2453
nvd2checkpoint_advisories2securityvulns2cvelist2packetstorm1prion2cve1