Vulnerabilities (CVE)

Filtered by vendor Synology Subscribe
Filtered by product Video Station
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33181 1 Synology 1 Video Station 2024-11-21 6.5 MEDIUM 6.6 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.
CVE-2017-9556 1 Synology 1 Video Station 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2015-9105 1 Synology 1 Video Station 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
CVE-2015-6912 1 Synology 1 Video Station 2024-11-21 10.0 HIGH N/A
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
CVE-2015-6911 1 Synology 1 Video Station 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
CVE-2015-6910 1 Synology 1 Video Station 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.