CVE-2018-9078
- EPSS 0.47%
- Published 28.09.2018 20:29:01
- Last modified 21.11.2024 04:14:55
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompt...
CVE-2018-9079
- EPSS 0.54%
- Published 28.09.2018 20:29:01
- Last modified 21.11.2024 04:14:55
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript ha...
CVE-2018-9080
- EPSS 0.2%
- Published 28.09.2018 20:29:01
- Last modified 21.11.2024 04:14:56
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attac...
CVE-2018-9081
- EPSS 0.3%
- Published 28.09.2018 20:29:01
- Last modified 21.11.2024 04:14:56
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add ...
CVE-2018-9082
- EPSS 0.21%
- Published 28.09.2018 20:29:01
- Last modified 21.11.2024 04:14:56
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access ...