Han Sahin, May 2015
Multiple reflected Cross-Site scripting vulnerabilities were found in
Synology Photo Station. These issues allow attackers to perform a wide
variety of actions, such as stealing victims' session tokens or login
credentials if available, performing arbitrary actions on their behalf
but also performing arbitrary redirects to potential malicious websites.
This issue was tested on Synology Photo Station version 6.2-2858.
Synology reports that this issue has been resolved in Photo Station
version 6.3-2945.
https://www.synology.com/en-us/releaseNote/PhotoStation