VYPR
Medium severity4.7NVD Advisory· Published Sep 28, 2018· Updated Jun 17, 2026

CVE-2018-9081

CVE-2018-9081

Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.