Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
References
| Link | Resource |
|---|---|
| https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jul 2025, 19:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 - Vendor Advisory | |
| CPE | cpe:2.3:o:synology:router_manager:1.3.1-9346:update9:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:-:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update7:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update1:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:*:*:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update2:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update5:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update4:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update6:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update8:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update3:*:*:*:*:*:* |
|
| First Time |
Synology
Synology router Manager |
09 Dec 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-12-09 04:15
Updated : 2025-07-29 19:50
NVD link : CVE-2024-53285
Mitre link : CVE-2024-53285
CVE.ORG link : CVE-2024-53285
JSON object : View
Products Affected
synology
- router_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')