CVE-2013-6923

2014-01-0918:55:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-6923

cross-site scripting

xss

seagate blackarmor nas 220

firmware sg2000-2000.1331

remote code injection

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.

Affected configurations

NVD

Node

seagateblackarmor_nas_220_firmwareMatchsg2000-2000.1331

AND

seagateblackarmor_nas_220Matchst320005lsa10g-rk

seagateblackarmor_nas_220Matchst340005lsa10g-rk

seagateblackarmor_nas_220Matchstav6000100

CPENameOperatorVersion
seagate:blackarmor_nas_220_firmwareseagate blackarmor nas 220 firmwareeqsg2000-2000.1331
seagate:blackarmor_nas_220seagate blackarmor nas 220eqst320005lsa10g-rk
seagate:blackarmor_nas_220seagate blackarmor nas 220eqst340005lsa10g-rk
seagate:blackarmor_nas_220seagate blackarmor nas 220eqstav6000100

CPE	Name	Operator	Version
seagate:blackarmor_nas_220_firmware	seagate blackarmor nas 220 firmware	eq	sg2000-2000.1331
seagate:blackarmor_nas_220	seagate blackarmor nas 220	eq	st320005lsa10g-rk
seagate:blackarmor_nas_220	seagate blackarmor nas 220	eq	st340005lsa10g-rk
seagate:blackarmor_nas_220	seagate blackarmor nas 220	eq	stav6000100