CVE-2017-16767

Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 8.1.2-5469

Description: A cross-site scripting (XSS) issue exists in the User Profile component, allowing remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. This can lead to the execution of malicious code on the victim's browser.

Recommendations: For versions prior to 8.1.2-5469, update to version 8.1.2-5469 or later to resolve the issue. As a temporary workaround, consider restricting access to the User Profile component to minimize the risk of exploitation. Avoid using the userDesc parameter in the affected component until the issue is resolved.