GCVE - cpe:2.3:a:synology:note_station:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:synology:note_station:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Synology (`65464e9b-7339-559d-9719-837f074e0220`)
Product	Note Station (`2f273476-3a9b-572c-a6d0-ed99b4db7d34`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-27619`	vulnerable	2026-06-03 14:46:47.603388	Details available MEDIUM (6.8) Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Published: 2022-08-03T02:25:12.115Z Updated: 2024-09-17T02:46:46.570Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_22_12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11827`	vulnerable	2026-06-03 14:39:33.894755	Details available MEDIUM (6.5) Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. Published: 2019-06-30T15:05:20.451Z Updated: 2024-09-16T17:39:01.402Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_19_08	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-8912`	vulnerable	2026-06-03 14:39:09.563470	Details available MEDIUM (6.5) Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. Published: 2018-05-09T13:00:00.000Z Updated: 2024-09-17T02:27:30.032Z Open on db.gcve.eu Reference links https://www.synology.com/zh-tw/support/security/Synology_SA_18_03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-8911`	vulnerable	2026-06-03 14:39:09.563096	Details available MEDIUM (6.5) Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Published: 2018-05-09T13:00:00.000Z Updated: 2024-09-16T23:20:43.743Z Open on db.gcve.eu Reference links https://www.synology.com/zh-tw/support/security/Synology_SA_18_03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9103`	vulnerable	2026-06-03 14:35:18.737659	Details available Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. Published: 2017-06-30T13:00:00.000Z Updated: 2024-09-17T03:07:47.909Z Open on db.gcve.eu Reference links http://www.fortiguard.com/zeroday/FG-VD-15-110 http://www.fortiguard.com/zeroday/FG-VD-15-111 https://www.synology.com/en-global/support/security/Note_Station_1_1_0214	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.