CVE-2020-27659

Name of the Vulnerable Software and Affected Versions Synology SafeAccess versions prior to 1.2.3-0234

Description Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the domain or profile parameters. This issue enables attackers to execute malicious scripts on the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations For Synology SafeAccess versions prior to 1.2.3-0234, update to version 1.2.3-0234 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters domain and profile to minimize the risk of exploitation.