Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.