Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for Safe Access by Synology

    CVE-2025-10466 (GCVE-0-2025-10466)

    Vulnerability from nvd – Published: 2026-05-27 08:32 – Updated: 2026-05-27 13:44
    VLAI
    Summary
    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology Safe Access Affected: * , < 1.3.1-0329 (semver)
    Create a notification for this product.
    Credits
    Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T13:44:47.333907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:44:57.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Safe Access",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "1.3.1-0329",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T08:32:02.342Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "name": "Synology-SA-25:11 Safe Access",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2025-10466",
        "datePublished": "2026-05-27T08:32:02.342Z",
        "dateReserved": "2025-09-15T07:33:56.204Z",
        "dateUpdated": "2026-05-27T13:44:57.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-27660 (GCVE-0-2020-27660)

    Vulnerability from nvd – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Synology Safe Access Affected: unspecified , < 1.2.3-0234 (custom)
    Create a notification for this product.
    Date Public
    2020-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:18:45.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/thomasfady/Synology_SA_20_25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safe Access",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "1.2.3-0234",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-22T22:00:45.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/thomasfady/Synology_SA_20_25"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2020-11-30T00:00:00",
              "ID": "CVE-2020-27660",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Safe Access",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.3-0234"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "9.6",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
                },
                {
                  "name": "https://github.com/thomasfady/Synology_SA_20_25",
                  "refsource": "MISC",
                  "url": "https://github.com/thomasfady/Synology_SA_20_25"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2020-27660",
        "datePublished": "2020-11-30T09:30:15.887Z",
        "dateReserved": "2020-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:26.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27659 (GCVE-0-2020-27659)

    Vulnerability from nvd – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:00
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Synology Safe Access Affected: unspecified , < 1.2.3-0234 (custom)
    Create a notification for this product.
    Date Public
    2020-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:18:45.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/thomasfady/Synology_SA_20_25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safe Access",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "1.2.3-0234",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-22T21:58:33.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/thomasfady/Synology_SA_20_25"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2020-11-30T00:00:00",
              "ID": "CVE-2020-27659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Safe Access",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.3-0234"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "8.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
                },
                {
                  "name": "https://github.com/thomasfady/Synology_SA_20_25",
                  "refsource": "MISC",
                  "url": "https://github.com/thomasfady/Synology_SA_20_25"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2020-27659",
        "datePublished": "2020-11-30T09:30:15.481Z",
        "dateReserved": "2020-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:00:17.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10466 (GCVE-0-2025-10466)

    Vulnerability from cvelistv5 – Published: 2026-05-27 08:32 – Updated: 2026-05-27 13:44
    VLAI
    Summary
    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology Safe Access Affected: * , < 1.3.1-0329 (semver)
    Create a notification for this product.
    Credits
    Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T13:44:47.333907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:44:57.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Safe Access",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "1.3.1-0329",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T08:32:02.342Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "name": "Synology-SA-25:11 Safe Access",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2025-10466",
        "datePublished": "2026-05-27T08:32:02.342Z",
        "dateReserved": "2025-09-15T07:33:56.204Z",
        "dateUpdated": "2026-05-27T13:44:57.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-27660 (GCVE-0-2020-27660)

    Vulnerability from cvelistv5 – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Synology Safe Access Affected: unspecified , < 1.2.3-0234 (custom)
    Create a notification for this product.
    Date Public
    2020-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:18:45.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/thomasfady/Synology_SA_20_25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safe Access",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "1.2.3-0234",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-22T22:00:45.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/thomasfady/Synology_SA_20_25"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2020-11-30T00:00:00",
              "ID": "CVE-2020-27660",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Safe Access",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.3-0234"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "9.6",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
                },
                {
                  "name": "https://github.com/thomasfady/Synology_SA_20_25",
                  "refsource": "MISC",
                  "url": "https://github.com/thomasfady/Synology_SA_20_25"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2020-27660",
        "datePublished": "2020-11-30T09:30:15.887Z",
        "dateReserved": "2020-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:26.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27659 (GCVE-0-2020-27659)

    Vulnerability from cvelistv5 – Published: 2020-11-30 09:30 – Updated: 2024-09-17 04:00
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Synology Safe Access Affected: unspecified , < 1.2.3-0234 (custom)
    Create a notification for this product.
    Date Public
    2020-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:18:45.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/thomasfady/Synology_SA_20_25"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safe Access",
              "vendor": "Synology",
              "versions": [
                {
                  "lessThan": "1.2.3-0234",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-22T21:58:33.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/thomasfady/Synology_SA_20_25"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2020-11-30T00:00:00",
              "ID": "CVE-2020-27659",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Safe Access",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.3-0234"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "8.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_25",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_25"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087"
                },
                {
                  "name": "https://github.com/thomasfady/Synology_SA_20_25",
                  "refsource": "MISC",
                  "url": "https://github.com/thomasfady/Synology_SA_20_25"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2020-27659",
        "datePublished": "2020-11-30T09:30:15.481Z",
        "dateReserved": "2020-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:00:17.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2025-AVI-0812

    Vulnerability from certfr_avis - Published: 2025-09-23 - Updated: 2025-09-23

    Une vulnérabilité a été découverte dans Synology Safe Access pour SRM. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Synology Safe Access Safe Access versions antérieures à 1.3.1-0329 pour SRM 1.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Safe Access versions ant\u00e9rieures \u00e0 1.3.1-0329 pour SRM 1.3",
          "product": {
            "name": "Safe Access",
            "vendor": {
              "name": "Synology",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-10466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-10466"
        }
      ],
      "initial_release_date": "2025-09-23T00:00:00",
      "last_revision_date": "2025-09-23T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0812",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-09-23T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synology Safe Access pour SRM. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Vuln\u00e9rabilit\u00e9 dans Synology Safe Access pour SRM",
      "vendor_advisories": [
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Synology Synology_SA_25_11",
          "url": "https://www.synology.com/fr-fr/security/advisory/Synology_SA_25_11"
        }
      ]
    }

    VAR-202011-0782

    Vulnerability from variot - Updated: 2024-11-23 22:11

    SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Synology SafeAccess Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-0782",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "safeaccess",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "synology",
            "version": "1.2.3-0234"
          },
          {
            "model": "safe access",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "synology",
            "version": "1.2.3-0234"
          },
          {
            "model": "safe access",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "cve": "CVE-2020-27660",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-27660",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-371569",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-27660",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "security@synology.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-27660",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-27660",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-27660",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "security@synology.com",
                "id": "CVE-2020-27660",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27660",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-2088",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-371569",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Synology SafeAccess Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users\u0027 Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27660",
            "trust": 2.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2020-1087",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-68544",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-371569",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "id": "VAR-202011-0782",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:11:15.543000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Synology-SA-20",
            "trust": 0.8,
            "url": "https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_25"
          },
          {
            "title": "Synology SafeAccess SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137132"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.synology.com/security/advisory/synology_sa_20_25"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/thomasfady/synology_sa_20_25"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27660"
          },
          {
            "trust": 1.1,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2020-1087"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1087"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "date": "2021-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "date": "2020-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          },
          {
            "date": "2020-11-30T10:15:11.237000",
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-371569"
          },
          {
            "date": "2021-07-08T09:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          },
          {
            "date": "2020-12-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          },
          {
            "date": "2024-11-21T05:21:36.873000",
            "db": "NVD",
            "id": "CVE-2020-27660"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Synology\u00a0SafeAccess\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2088"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202011-0781

    Vulnerability from variot - Updated: 2024-11-23 22:11

    Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Synology SafeAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202011-0781",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "safeaccess",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "synology",
            "version": "1.2.3-0234"
          },
          {
            "model": "safe access",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "synology",
            "version": "1.2.3-0234"
          },
          {
            "model": "safe access",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "cve": "CVE-2020-27659",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2020-27659",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-371568",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2020-27659",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security@synology.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.7,
                "id": "CVE-2020-27659",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2020-27659",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-27659",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "security@synology.com",
                "id": "CVE-2020-27659",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27659",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202011-2089",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-371568",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Synology SafeAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Synology SafeAccess is a device from China Synology Technology Co., Ltd. that can configure the security of the network environment. The device can monitor users\u0027 Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices on the local network by blocking dangerous websites",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27659",
            "trust": 2.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2020-1087",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-68427",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-371568",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "id": "VAR-202011-0781",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:11:15.519000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Synology-SA-20",
            "trust": 0.8,
            "url": "https://www.synology.com/ja-jp/security/advisory/Synology_SA_20_25"
          },
          {
            "title": "Synology SafeAccess Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135614"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.synology.com/security/advisory/synology_sa_20_25"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/thomasfady/synology_sa_20_25"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27659"
          },
          {
            "trust": 1.1,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2020-1087"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1087"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "date": "2021-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "date": "2020-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          },
          {
            "date": "2020-11-30T10:15:10.720000",
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-371568"
          },
          {
            "date": "2021-07-08T09:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          },
          {
            "date": "2020-12-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          },
          {
            "date": "2024-11-21T05:21:36.743000",
            "db": "NVD",
            "id": "CVE-2020-27659"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Synology\u00a0SafeAccess\u00a0 Cross-site Scripting Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-013640"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202011-2089"
          }
        ],
        "trust": 0.6
      }
    }