Muhammad Junaid Abdullah

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 6.2.1-23824 **Description** The issue allows remote authenticated users to obtain sensitive information due to an information exposure vulnerability in the /usr/syno/etc/mount.conf configuration file. **Recommendations** For versions prior to 6.2.1-23824, update to version 6.2.1-23824 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 6.2.1-23824 **Description** A cross-site scripting (XSS) issue exists in the Control Panel SSO Settings of Synology DiskStation Manager (DSM), allowing remote authenticated users to inject arbitrary web script or HTML via the URL parameter. **Recommendations** For versions prior to 6.2.1-23824, update to version 6.2.1-23824 or later to resolve the issue. As a temporary workaround, consider restricting access to the Control Panel SSO Settings to minimize the risk of exploitation. Avoid using the vulnerable URL parameter in the affected settings until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synology Calendar versions prior to 2.1.1-0502 **Description** A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via the `title` parameter. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions prior to 2.1.1-0502, update to version 2.1.1-0502 or later to resolve the issue. As a temporary workaround, consider restricting access to the Notification Center in Synology Calendar until the update is applied. Avoid using the `title` parameter in the affected functionality until the issue is resolved.