Filtered by vendor Synology Subscriptions
Filtered by product Office Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11828 1 Synology 1 Office 2024-11-21 5.5 Medium
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-8924 1 Synology 1 Office 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2017-11150 1 Synology 1 Office 2024-11-21 N/A
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.