CVE-2013-6923
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Cross-Site Scripting via fullname or workname Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6923. PoCs published by Jeroen - IT Nerdbox.
AI-analyzed exploit summary This exploit demonstrates persistent XSS vulnerabilities in Seagate BlackArmor NAS by injecting malicious scripts into the 'fullname' and 'workname' parameters, which execute upon page reload.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.
Exploits (1)
This exploit demonstrates persistent XSS vulnerabilities in Seagate BlackArmor NAS by injecting malicious scripts into the 'fullname' and 'workname' parameters, which execute upon page reload.