Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
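The flaw described above comes down to FTP USER and PASS arguments reaching the web log window without output encoding. The following is an added example, not Synology's code: it renders log rows with and without HTML escaping and flags entries whose arguments carry markup. The log field layout, function names and sample entries are assumptions constructed for illustration.

```javascript
// Constructed sample entries; the real DSM log format is not given on the page.
const sampleLog = [
  { time: "2010-06-01 10:00:01", ip: "192.0.2.10", cmd: "USER", arg: "backup" },
  { time: "2010-06-01 10:00:07", ip: "192.0.2.44", cmd: "USER", arg: "<b>guest</b>" },
  { time: "2010-06-01 10:00:08", ip: "192.0.2.44", cmd: "PASS", arg: "\"><i>x</i>" },
];

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for use as HTML text or inside a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: client-supplied FTP arguments concatenated into markup.
function renderRowUnsafe(e) {
  return `<tr><td>${e.time}</td><td>${e.ip}</td><td>${e.cmd} ${e.arg}</td></tr>`;
}

// Hardened pattern: every field is encoded at the point of output, so the
// log window displays the argument as text instead of interpreting it.
function renderRowSafe(e) {
  const cells = [e.time, e.ip, `${e.cmd} ${e.arg}`];
  return `<tr>${cells.map((c) => `<td>${escapeHtml(c)}</td>`).join("")}</tr>`;
}

// Detection aid: USER/PASS arguments containing angle brackets are worth
// reviewing. Only < and > are matched, since passwords may legitimately
// contain quotes or ampersands.
function suspiciousEntries(log) {
  return log.filter((e) => /^(USER|PASS)$/.test(e.cmd) && /[<>]/.test(e.arg));
}

for (const entry of sampleLog) {
  console.log(renderRowSafe(entry));
}
console.log("flagged:", suspiciousEntries(sampleLog).length);
```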
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Dsm | 2.2-0942 |
| Synology | Disk Station Ds1010\+ | All versions |
| Synology | Disk Station Ds109 | All versions |
| Synology | Disk Station Ds110\+ | All versions |
| Synology | Disk Station Ds110J | All versions |
| Synology | Disk Station Ds209 | All versions |
| Synology | Disk Station Ds210\+ | All versions |
| Synology | Disk Station Ds210J | All versions |
| Synology | Disk Station Ds409Slim | All versions |
| Synology | Disk Station Ds410 | All versions |
| Synology | Disk Station Ds410J | All versions |
| Synology | Disk Station Ds411\+ | All versions |
| Synology | Disk Station Ds710\+ | All versions |
References
- http://www.securityfocus.com/archive/1/513970/100/0/threaded
FAQ
What is CVE-2010-2453?
CVE-2010-2453 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and pr...
How severe is CVE-2010-2453?
CVE-2010-2453 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2453?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Dsm, Synology Disk Station Ds1010+, Synology Disk Station Ds109, Synology Disk Station Ds110+, Synology Disk Station Ds110J.