Warisse Valentin

**Name of the Vulnerable Software and Affected Versions** Synology Contacts versions prior to 1.0.10-20659 **Description** Improper neutralization of input during web page generation leads to a Cross-site Scripting (XSS) issue in the contact functionality. This allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors. **Recommendations** Update to version 1.0.10-20659 or later.