CVE-2017-16766
CVE-2017-16766 concerns an improper access control vulnerability in the Synology DSM component synodsmnotify . The issue affects DSM versions prior to 6.1.4-15217 and prior to 6.0.3-8754-6, where local users can inject arbitrary web script or HTML via the -fn option. The root cause is inadequate ...