VYPR

Mailplus Server

by Synology

CVEs (4)

  • CVE-2017-16768MedDec 27, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.

  • CVE-2017-15890MedDec 15, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.

  • CVE-2025-2848Dec 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

  • CVE-2018-13296Apr 1, 2019
    risk 0.00cvss epss 0.02

    Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.