CVE-2017-15888

Name of the Vulnerable Software and Affected Versions Synology Audio Station versions prior to 6.3.0-3260

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. This enables attackers to potentially execute malicious scripts on the victim's browser.

Recommendations For versions prior to 6.3.0-3260, update to version 6.3.0-3260 or later to resolve the issue. As a temporary workaround, consider restricting access to the Custom Internet Radio List feature in Synology Audio Station until the update is applied. Avoid using the NAME parameter in the affected feature until the issue is resolved.