2 matches found
CVE-2018-14698
Cross-site scripting in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter...
CVE-2018-14698
CVE-2018-14698 concerns a cross-site scripting flaw in Drobo 5N2 NAS, specifically in the /DroboAccess/delete_user endpoint. The vulnerability allows an attacker to inject JavaScript via the username URL parameter in Drobo 5N2 NAS version 4.0.5-13.28.96115. NVD data lists CVSS v3 base score 6.1 (...