CVE-2013-6923

Seagate Blackarmor Nas 220 Firmware - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.

Exploits (1)

exploitdb WORKING POC

by Jeroen - IT Nerdbox · textwebappshardware

https://www.exploit-db.com/exploits/30727

View Code ZIP pw:eip

References (3)

[Exploit] http://packetstormsecurity.com/files/124685

[Exploit] http://www.exploit-db.com/exploits/30727

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90111

Scores

EPSS 0.0541

EPSS Percentile 90.0%

Details

CWE

CWE-79

Status published

Products (5)

seagate/blackarmor_nas_220_firmware

seagate/blackarmor_nas_220

seagate/blackarmor_nas_220

seagate/blackarmor_nas_220

n/a/n/a

Published Jan 09, 2014

Tracked Since Feb 18, 2026