Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.Referenceshttps://www.synology.com/en-global/support/security/Synology_SA_18_05
