CVE-2018-8928
Synology CardDAV Server’s Address Book Editor is affected by a cross-site scripting (XSS) vulnerability prior to version 6.0.8-0086. The issue allows remote authenticated users to inject arbitrary web script or HTML via the family_name, given_name, or additional_name parameters. Corroborating sou...