CVE-2010-2453 - Vulnerability Details

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synology	Disk Station Ds1010\+ Disk Station Ds109 Disk Station Ds110\+ Disk Station Ds110j Disk Station Ds209 Disk Station Ds210\+ Disk Station Ds210j Disk Station Ds409slim Disk Station Ds410 Disk Station Ds410j Disk Station Ds411\+ Disk Station Ds710\+ Dsm

Configuration 1 [-]

AND

OR	cpe:2.3:o:synology:dsm:2.2-0942:::::::*
	cpe:2.3:o:synology:dsm:2.2-1041:::::::*
	cpe:2.3:o:synology:dsm:2.2-1042:::::::*
	cpe:2.3:o:synology:dsm:2.2-1045:::::::*
	cpe:2.3:o:synology:dsm:2.3-1139:::::::*
	cpe:2.3:o:synology:dsm:2.3-1141:::::::*
	cpe:2.3:o:synology:dsm:2.3-1144:::::::*
	cpe:2.3:o:synology:dsm:2.3-1157:::::::*
	cpe:2.3:o:synology:dsm:2.3-1161:::::::*
	cpe:2.3:o:synology:dsm:3.0-1334:::::::*

OR	cpe:2.3:h:synology:disk_station_ds1010\+::::::::
	cpe:2.3:h:synology:disk_station_ds109::::::::
	cpe:2.3:h:synology:disk_station_ds110\+::::::::
	cpe:2.3:h:synology:disk_station_ds110j::::::::
	cpe:2.3:h:synology:disk_station_ds209::::::::
	cpe:2.3:h:synology:disk_station_ds210\+::::::::
	cpe:2.3:h:synology:disk_station_ds210j::::::::
	cpe:2.3:h:synology:disk_station_ds409slim::::::::
	cpe:2.3:h:synology:disk_station_ds410::::::::
	cpe:2.3:h:synology:disk_station_ds410j::::::::
	cpe:2.3:h:synology:disk_station_ds411\+::::::::
	cpe:2.3:h:synology:disk_station_ds710\+::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/513970/100/0/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-29T16:00:00

Updated: 2024-08-07T02:32:16.580Z

Reserved: 2010-06-24T00:00:00

Link: CVE-2010-2453

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-09-29T17:00:02.993

Modified: 2024-11-21T01:16:41.670

Link: CVE-2010-2453

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object