CVE-2018-13293

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 6.2.1-23824

Description A cross-site scripting (XSS) issue exists in the Control Panel SSO Settings of Synology DiskStation Manager (DSM), allowing remote authenticated users to inject arbitrary web script or HTML via the URL parameter.

Recommendations For versions prior to 6.2.1-23824, update to version 6.2.1-23824 or later to resolve the issue. As a temporary workaround, consider restricting access to the Control Panel SSO Settings to minimize the risk of exploitation. Avoid using the vulnerable URL parameter in the affected settings until the issue is resolved.