Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.
History

Mon, 01 Sep 2025 02:15:00 +0000

Type Values Removed Values Added
Description Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server before 3.0.27-0139 allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors. Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.

Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Synology
Synology radius Server
Vendors & Products Synology
Synology radius Server

Fri, 29 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 07:30:00 +0000

Type Values Removed Values Added
Description Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server before 3.0.27-0139 allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2025-09-01T01:34:03.271Z

Reserved: 2025-08-29T06:25:30.790Z

Link: CVE-2024-13987

cve-icon Vulnrichment

Updated: 2025-08-29T16:24:00.441Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T08:15:31.050

Modified: 2025-09-01T02:15:40.770

Link: CVE-2024-13987

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:38Z