cpe:/a:synology:chat:1.0.0-0126 cpe:/a:synology:chat:1.0.0-0127 cpe:/a:synology:chat:1.0.2-0158 cpe:/a:synology:chat:1.0.2-0159 cpe:/a:synology:chat:1.1.0-0806 cpe:/a:synology:chat:1.1.1-0902 CVE-2017-15892 2017-12-28T10:29:00.257-05:00 2019-10-09T19:24:32.877-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov CONFIRM https://www.synology.com/en-global/support/security/Synology_SA_17_78 Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.