4 matches found
CVE-2018-9078
creationtimestamp| type| source ---|---|--- 2018-10-03 15:26:43+00:00| seen| MISP/5bb4df32-f218-45d9-aa7e-1dc00a021402...
CVE-2018-9078
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...
CVE-2018-9078 Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...
CVE-2018-9078
CVE-2018-9078 affects Iomega/LenovoEMC NAS devices (Content Explorer) up to firmware 4.1.402.34662. The Web UI allowed uploading SVGs and served them from the device origin, enabling SVGs containing JavaScript that executes when downloaded by a victim, effectively enabling an in-browser XSS. Affe...