------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities in Synology Download
Station
------------------------------------------------------------------------
Han Sahin, September 2015
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities were found in Synology
Download Station. These issues allow attackers to perform a wide variety
of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf,
and performing arbitrary redirects to potentially malicious websites.
------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
These issues have been tested on Synology Download Station version
3.5-2956 and version 3.5-2962.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Synology reports that these issues have been resolved in:
- Download Station version 3.5-2962 [Create download task via file
  upload]
- Download Station version 3.5-2967 [Create download task via URL]
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html