Reflected Cross-Site Scripting in Synology DiskStation Manager
------------------------------
Han Sahin, May 2015
------------------------------
Abstract
------------------------------
A reflected Cross-Site Scripting vulnerability was found in Synology
DiskStation Manager. This issue allows attackers to perform a wide
variety of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf,
and performing arbitrary redirects to potentially malicious websites.
------------------------------
Tested version
------------------------------
This issue was tested on Synology DiskStation Manager version 5.2-5565.
------------------------------
Fix
------------------------------
Synology reports that this issue has been resolved in DiskStation
Manager version 5.2-5565 Update 1 (2015/05/21).
https://www.synology.com/en-gl
------------------------------
Details
------------------------------
https://www.securify.nl/adviso