For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
2018-09-28T20:29:01.423
2024-11-21T04:14:56.240
Modified
CVSSv3.0: 4.7 (MEDIUM)
AV:N/AC:H/Au:N/C:N/I:P/A:N
4.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_px12-450r | - | No |
| Operating System | lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_px12-400r | - | No |
| Operating System | lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_px4-300r | - | No |
| Operating System | lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_px6-300d | - | No |
| Operating System | lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_px4-300d | - | No |
| Operating System | lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_px2-300d | - | No |
| Operating System | lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_ix4-300d | - | No |
| Operating System | lenovo | storcenter_ix2_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_ix2 | - | No |
| Operating System | lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | storcenter_ix2-dl | - | No |
| Operating System | lenovo | ez_media_\&_backup_center_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | ez_media_\&_backup_center | - | No |
| Operating System | lenovo | px12-450r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px12-450r | - | No |
| Operating System | lenovo | px12-400r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px12-400r | - | No |
| Operating System | lenovo | px4-400r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px4-400r | - | No |
| Operating System | lenovo | px4-300r_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px4-300r | - | No |
| Operating System | lenovo | px6-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px6-300d | - | No |
| Operating System | lenovo | px4-400d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px4-400d | - | No |
| Operating System | lenovo | px4-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px4-300d | - | No |
| Operating System | lenovo | px2-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | px2-300d | - | No |
| Operating System | lenovo | ix4-300d_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | ix4-300d | - | No |
| Operating System | lenovo | ix2_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | ix2 | - | No |
| Operating System | lenovo | ez_media_\&_backup_center_firmware | 4.1.402.34662 | Yes |
| Hardware | lenovo | ez_media_\&_backup_center | - | No |