Mailplus Server
by Synology
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16768 | Med | 0.31 | 4.8 | 0.01 | Dec 27, 2017 | Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | ||
| CVE-2017-15890 | Med | 0.31 | 4.8 | 0.01 | Dec 15, 2017 | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | ||
| CVE-2025-2848 | 0.00 | — | 0.00 | Dec 4, 2025 | A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. | |||
| CVE-2018-13296 | 0.00 | — | 0.02 | Apr 1, 2019 | Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. |
- risk 0.31cvss 4.8epss 0.01
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
- risk 0.31cvss 4.8epss 0.01
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
- CVE-2025-2848Dec 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
- CVE-2018-13296Apr 1, 2019risk 0.00cvss —epss 0.02
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.