CVE-2025-13167
EUVD-2025-20995427.05.2026, 09:16
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors.Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| synology | contacts | 𝑥 < 1.0.10-20659 |
𝑥
= Vulnerable software versions