Han Sahin, May 2015
A reflected Cross-Site scripting vulnerability was found in Synology
DiskStation Manager. This issue allows attackers to perform a wide
variety of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf
but also performing arbitrary redirects to potential malicious websites.
This issue was tested on Synology DiskStation Manager version 5.2-5565.
Synology reports that this issue has been resolved in DiskStation
Manager version 5.2-5565 Update 1 (2015/05/21).
https://www.synology.com/en-global/releaseNote/DS214play