Synology · Synology DiskStation Manager · CVE-2024-0854
**Name of the Vulnerable Software and Affected Versions**
Synology DiskStation Manager (DSM) versions prior to 6.2.4-25556-8
Synology DiskStation Manager (DSM) versions prior to 7.0.1-42218-7
Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-7
Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2
**Description**
The file access component contains a URL redirection to an untrusted site ('Open Redirect') vulnerability. It allows remote authenticated users to conduct phishing attacks via unspecified vectors.
**Recommendations**
For versions prior to 6.2.4-25556-8, update to version 6.2.4-25556-8 or later.
For versions prior to 7.0.1-42218-7, update to version 7.0.1-42218-7 or later.
For versions prior to 7.1.1-42962-7, update to version 7.1.1-42962-7 or later.
For versions prior to 7.2.1-69057-2, update to version 7.2.1-69057-2 or later.