Han Sahin, September 2015
Multiple Cross-Site Scripting vulnerabilities were found in Synology
Download Station. These issues allow attackers to perform a wide variety
of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf
but also performing arbitrary redirects to potential malicious websites.
These issues have been tested on Synology Download Station version
3.5-2956 and version 3.5-2962.
Synology reports that these issue have been resolved in: