A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Calendar. Continue reading... - - - Source: synology.com