cve/CVE-2015-6913.md at 9cc2023bd8dbe0ab8c5f051fa9a43f1e04594987

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.

POC

Reference

http://packetstormsecurity.com/files/133520/Synology-Download-Station-3.5-2956-3.5-2962-Cross-Site-Scripting.html
https://www.securify.nl/advisory/SFY20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html

Github

No PoCs found on GitHub currently.

928 B Raw Blame History

CVE-2015-6913

Description

POC

Reference

Github

928 B

Raw Blame History