CVE-2017-15892
Synology Chat's Slash Command Creator contains multiple XSS vulnerabilities that allow remote authenticated users to inject arbitrary script or HTML via the COMMAND, COMMANDS INSTRUCTION, or DESCRIPTION parameters, in versions prior to 2.0.0-1124. The CVE-2017-15892 entry notes a MEDIUM-severity ...