Description
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.
Exploits (1)
exploitdb
WORKING POC
by Jeroen - IT Nerdbox · textwebappshardware
https://www.exploit-db.com/exploits/30727
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124685
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90111
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/30727
Scores
EPSS
0.0541
EPSS Percentile
90.2%
Details
CWE
CWE-79
Status
published
Products (4)
seagate/blackarmor_nas_220
st320005lsa10g-rk
seagate/blackarmor_nas_220
st340005lsa10g-rk
seagate/blackarmor_nas_220
stav6000100
seagate/blackarmor_nas_220_firmware
sg2000-2000.1331
Published
Jan 09, 2014
Tracked Since
Feb 18, 2026