Synology-SA-17:81 MailPlus Server
Publish Time: 2017-12-27 17:42:50 UTC+8
Last Updated: 2017-12-27 18:15:40 UTC+8
- Severity
- Low
- Status
- Resolved
Abstract
A vulnerability allows remote authenticated users to inject arbitrary HTML via a susceptible version of MailPlus Server.
Updates for Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| MailPlus Sever | Low | Upgrade to 1.4.0-0415 or above. |
Mitigation
None
Detail
- CVE-2017-16768
- Severity: Low
- CVSS3 Base Score: 4.8
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1 | 2017-12-27 | Initial public release. |