Medium severity4.7NVD Advisory· Published Sep 28, 2018· Updated Jun 17, 2026
CVE-2018-9081
CVE-2018-9081
Description
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
Affected products
1- Range: 4.1.402.34662
Patches
Vulnerability mechanics
References
1- support.lenovo.com/us/en/solutions/LEN-24224nvdVendor Advisory
News mentions
0No linked articles in our index yet.