Some D-Link DNS network attached storage contain a XSS vulnerability, which may allow a malicious attack. 
 
3rd Party Incident Report:
 
Benjamin Daniel Mussler - Link
 
Affected Devices:
 
Many of the affected products had firmware post prior to July 30, 2016. They are located in the list of downloadable files for each model. 

DNS-320 Fixed 2.05 - Link
DNS-320L/LW  Fixed 1.08 - Link   
DNS-325 Fixed 1.05 - Link
DNS-327L Fixed 1.07 - Link
DNS-340L Fixed 1.05 - Link   
DNS-345 Fixed 1.05 - Link 
 
We are working hard to provide fixes for the product marked "Under Development" and will post these as soon as they are available.
 
Details:
 
Please visit original  report at :  http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html