Medium severity5.4NVD Advisory· Published May 27, 2026· Updated May 28, 2026
CVE-2025-13167
CVE-2025-13167
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- www.synology.com/en-global/security/advisory/Synology_SA_25_13nvdVendor Advisory
News mentions
0No linked articles in our index yet.