Lucene search
K

4 matches found

Circl
Circl
added 2018/10/03 3:26 p.m.14 views

CVE-2018-9078

creationtimestamp| type| source ---|---|--- 2018-10-03 15:26:43+00:00| seen| MISP/5bb4df32-f218-45d9-aa7e-1dc00a021402...

8.8CVSS6.9AI score0.01039EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.4 views

CVE-2018-9078

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

8.8CVSS5.8AI score0.01039EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2018/09/28 8:0 p.m.25 views

CVE-2018-9078 Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

8.6AI score0.01039EPSS
Exploits0References1
CVE
CVE
added 2018/09/28 8:0 p.m.49 views

CVE-2018-9078

CVE-2018-9078 affects Iomega/LenovoEMC NAS devices (Content Explorer) up to firmware 4.1.402.34662. The Web UI allowed uploading SVGs and served them from the device origin, enabling SVGs containing JavaScript that executes when downloaded by a victim, effectively enabling an in-browser XSS. Affe...

8.8CVSS8.1AI score0.01039EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder