CVE-2018-9079
CRITICAL
Lenovo StorCenter and EMC NAS Firmware - Stored Cross-Site Scripting via DOM Manipulation
Title source: llm
Description
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-24224
Scores
CVSS v3
9.8
EPSS
0.0052
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (20)
lenovo/ez_media_\&_backup_center_firmware
4.1.402.34662
lenovo/ix2_firmware
4.1.402.34662
lenovo/ix4-300d_firmware
4.1.402.34662
lenovo/px12-400r_firmware
4.1.402.34662
lenovo/px12-450r_firmware
4.1.402.34662
lenovo/px2-300d_firmware
4.1.402.34662
lenovo/px4-300d_firmware
4.1.402.34662
lenovo/px4-300r_firmware
4.1.402.34662
lenovo/px4-400d_firmware
4.1.402.34662
lenovo/px4-400r_firmware
4.1.402.34662
... and 10 more
Published
Sep 28, 2018
Tracked Since
Feb 18, 2026