CVE-2018-9081

Published: Sep 28, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

Vendor	Product	Versions
Lenovo Group LTD	Iomega StorCenter	affected `4.1.402.34662 - <= 4.1.402.34662`
Lenovo Group LTD	LenovoEMC	affected `4.1.402.34662 - <= 4.1.402.34662`
Lenovo Group LTD	EZ Media and Backup Center	affected `4.1.402.34662 - <= 4.1.402.34662`

References

https://support.lenovo.com/us/en/solutions/LEN-24224

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-9081

Description

Affected Products

References