CVE-2025-13167

Description

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors.

References

• https://www.synology.com/en-global/security/advisory/Synology_SA_25_13