Unrated severityNVD Advisory· Published Sep 24, 2020· Updated Aug 4, 2024
CVE-2020-8348
CVE-2020-8348
Description
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.
Affected products
2<6.1 patch 6 hotfix 4+ 1 more
- (no CPE)range: <6.1 patch 6 hotfix 4
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- iknow.lenovo.com.cn/detail/dc_191492.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.