Vulnerability Details CVE-2018-9081
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 2.6
References
Products affected by CVE-2018-9081
-
cpe:2.3:h:lenovo:ez_media_&_backup_center:-
-
cpe:2.3:h:lenovo:ix2:-
-
cpe:2.3:h:lenovo:ix4-300d:-
-
cpe:2.3:h:lenovo:px12-400r:-
-
cpe:2.3:h:lenovo:px12-450r:-
-
cpe:2.3:h:lenovo:px2-300d:-
-
cpe:2.3:h:lenovo:px4-300d:-
-
cpe:2.3:h:lenovo:px4-300r:-
-
cpe:2.3:h:lenovo:px4-400d:-
-
cpe:2.3:h:lenovo:px4-400r:-
-
cpe:2.3:h:lenovo:px6-300d:-
-
cpe:2.3:h:lenovo:storcenter_ix2-dl:-
-
cpe:2.3:h:lenovo:storcenter_ix2:-
-
cpe:2.3:h:lenovo:storcenter_ix4-300d:-
-
cpe:2.3:h:lenovo:storcenter_px12-400r:-
-
cpe:2.3:h:lenovo:storcenter_px12-450r:-
-
cpe:2.3:h:lenovo:storcenter_px2-300d:-
-
cpe:2.3:h:lenovo:storcenter_px4-300d:-
-
cpe:2.3:h:lenovo:storcenter_px4-300r:-
-
cpe:2.3:h:lenovo:storcenter_px6-300d:-
-
cpe:2.3:o:lenovo:ez_media_&_backup_center_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662
-
cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662