VYPR

Office

by Synology

CVEs (3)

  • CVE-2017-11150HigAug 14, 2017
    risk 0.51cvss 7.8epss 0.02

    Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.

  • CVE-2018-8924MedJun 5, 2018
    risk 0.42cvss 6.5epss 0.01

    Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.

  • CVE-2019-11828Jun 30, 2019
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.