Oliver Kramer

**Name of the Vulnerable Software and Affected Versions** Synology Drive versions prior to 1.0.2-10275 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name, exploiting a cross-site scripting (XSS) vulnerability in the File Sharing Notify Toast feature. **Recommendations** For versions prior to 1.0.2-10275, update to version 1.0.2-10275 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synology Drive versions prior to 1.0.2-10275 **Description** The issue is related to improper access control, allowing remote authenticated users to access non-shared files or folders. The exact vectors used for this unauthorized access are not specified. **Recommendations** For versions prior to 1.0.2-10275, update to version 1.0.2-10275 or later to resolve the issue.