CVE-2017-16768

Name of the Vulnerable Software and Affected Versions Synology MailPlus Server versions prior to 1.4.0-0415

Description A cross-site scripting (XSS) issue exists in the User Policy editor, allowing remote authenticated users to inject arbitrary HTML via the name parameter. This could potentially lead to unauthorized actions on the affected system.

Recommendations For versions prior to 1.4.0-0415, update to version 1.4.0-0415 or later to resolve the issue. As a temporary workaround, consider restricting access to the User Policy editor to minimize the risk of exploitation. Avoid using the name parameter in the affected editor until the issue is resolved.