1. Home
  2. CVE Database
  3. CVE-2018-9081
MEDIUM · 4.7

CVE-2018-9081

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scr...

Vulnerability Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

CVSS Score

4.7

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
LenovoStorcenter Px12-450R Firmware4.1.402.34662
LenovoStorcenter Px12-450R-
LenovoStorcenter Px12-400R Firmware4.1.402.34662
LenovoStorcenter Px12-400R-
LenovoStorcenter Px4-300R Firmware4.1.402.34662
LenovoStorcenter Px4-300R-
LenovoStorcenter Px6-300D Firmware4.1.402.34662
LenovoStorcenter Px6-300D-
LenovoStorcenter Px4-300D Firmware4.1.402.34662
LenovoStorcenter Px4-300D-
LenovoStorcenter Px2-300D Firmware4.1.402.34662
LenovoStorcenter Px2-300D-
LenovoStorcenter Ix4-300D Firmware4.1.402.34662
LenovoStorcenter Ix4-300D-
LenovoStorcenter Ix2 Firmware4.1.402.34662
LenovoStorcenter Ix2-
LenovoStorcenter Ix2-Dl Firmware4.1.402.34662
LenovoStorcenter Ix2-Dl-
LenovoEz Media \& Backup Center Firmware4.1.402.34662
LenovoEz Media \& Backup Center-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2018-9081?

CVE-2018-9081 is a vulnerability with a CVSS score of 4.7 (MEDIUM). For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scr...

How severe is CVE-2018-9081?

CVE-2018-9081 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9081?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Storcenter Px12-450R Firmware, Lenovo Storcenter Px12-450R, Lenovo Storcenter Px12-400R Firmware, Lenovo Storcenter Px12-400R, Lenovo Storcenter Px4-300R Firmware.