Arbitrary Web Script Injection in Synology Download Station's Create Download Task via File Upload Feature

Arbitrary Web Script Injection in Synology Download Station's Create Download Task via File Upload Feature

CVE-2015-6909 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.

Learn more about our Web App Pen Testing.